From bugzilla at redhat.com Mon Oct 3 18:30:32 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Oct 2016 18:30:32 +0000
Subject: [RHSA-2016:1985-01] Important: thunderbird security update
Message-ID: <201610031830.u93IUWQ1001160@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2016:1985-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1985.html
Issue date:        2016-10-03
CVE Names:         CVE-2016-5257
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.4.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1377543 - CVE-2016-5257 Mozilla: Memory safety bugs fixed in Firefox ESR 45.4 (MFSA 2016-85, MFSA 2016-86)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
thunderbird-45.4.0-1.el5_11.src.rpm

i386:
thunderbird-45.4.0-1.el5_11.i386.rpm
thunderbird-debuginfo-45.4.0-1.el5_11.i386.rpm

x86_64:
thunderbird-45.4.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-45.4.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server):

Source:
thunderbird-45.4.0-1.el5_11.src.rpm

i386:
thunderbird-45.4.0-1.el5_11.i386.rpm
thunderbird-debuginfo-45.4.0-1.el5_11.i386.rpm

x86_64:
thunderbird-45.4.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-45.4.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-45.4.0-1.el6_8.src.rpm

i386:
thunderbird-45.4.0-1.el6_8.i686.rpm
thunderbird-debuginfo-45.4.0-1.el6_8.i686.rpm

x86_64:
thunderbird-45.4.0-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.4.0-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-45.4.0-1.el6_8.src.rpm

i386:
thunderbird-45.4.0-1.el6_8.i686.rpm
thunderbird-debuginfo-45.4.0-1.el6_8.i686.rpm

ppc64:
thunderbird-45.4.0-1.el6_8.ppc64.rpm
thunderbird-debuginfo-45.4.0-1.el6_8.ppc64.rpm

s390x:
thunderbird-45.4.0-1.el6_8.s390x.rpm
thunderbird-debuginfo-45.4.0-1.el6_8.s390x.rpm

x86_64:
thunderbird-45.4.0-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.4.0-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-45.4.0-1.el6_8.src.rpm

i386:
thunderbird-45.4.0-1.el6_8.i686.rpm
thunderbird-debuginfo-45.4.0-1.el6_8.i686.rpm

x86_64:
thunderbird-45.4.0-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.4.0-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-45.4.0-1.el7_2.src.rpm

x86_64:
thunderbird-45.4.0-1.el7_2.x86_64.rpm
thunderbird-debuginfo-45.4.0-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-45.4.0-1.el7_2.src.rpm

ppc64le:
thunderbird-45.4.0-1.el7_2.ppc64le.rpm
thunderbird-debuginfo-45.4.0-1.el7_2.ppc64le.rpm

x86_64:
thunderbird-45.4.0-1.el7_2.x86_64.rpm
thunderbird-debuginfo-45.4.0-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-45.4.0-1.el7_2.src.rpm

x86_64:
thunderbird-45.4.0-1.el7_2.x86_64.rpm
thunderbird-debuginfo-45.4.0-1.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5257
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.4

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
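The package list above is the part of an erratum a defender actually acts on: a host is fixed only if the installed name.arch is at or above the listed version-release, and, for the kernel erratum RHSA-2016:2006 further down this digest, only once the fixed kernel is the one actually running. The following is an added example, not Red Hat's tooling: it extracts the binary RPM names from a Package List section (a constructed excerpt in the advisory's own format), compares them with a constructed `rpm -qa` listing using a re-implementation of rpm's version-segment ordering (rpmvercmp; the epoch is ignored since `rpm -qa` does not print it by default), and checks a constructed `uname -r` value against the newest installed kernel.

```python
"""Check an erratum's package list against what a host reports as installed."""
import re
from itertools import zip_longest

# Constructed excerpt in the advisory's own Package List format (the RHEL 6
# entries of RHSA-2016:1985); a real run would paste in the whole section.
ADVISORY_EXCERPT = """\
6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-45.4.0-1.el6_8.src.rpm

x86_64:
thunderbird-45.4.0-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.4.0-1.el6_8.x86_64.rpm
"""
# Constructed output of: rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
INSTALLED = [
    "thunderbird-45.3.0-1.el6_8.x86_64",
    "kernel-2.6.32-642.4.2.el6.x86_64",
    "kernel-2.6.32-642.6.1.el6.x86_64",
    "bash-4.1.2-41.el6.x86_64",
]
RUNNING_KERNEL = "2.6.32-642.4.2.el6.x86_64"  # constructed `uname -r` output

_SEG = re.compile(r"[0-9]+|[a-zA-Z]+|~")       # anything else only separates
_NVRA = re.compile(r"^(.+)-([^-]+)-([^-]+)\.([^.]+)$")


def rpmvercmp(a, b):
    """rpm's ordering: numeric segments compare as integers, alpha segments as
    strings, numeric beats alpha, a longer string is newer, and '~' (pre-release)
    sorts below everything. Returns -1, 0 or 1."""
    if a == b:
        return 0
    for x, y in zip_longest(_SEG.findall(a), _SEG.findall(b)):
        if x == y:
            continue
        if x == "~" or y == "~":
            return -1 if x == "~" else 1
        if x is None or y is None:
            return -1 if x is None else 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        else:
            return -1 if x < y else 1
    return 0


def parse_nvra(pkg):
    """Split 'name-version-release.arch[.rpm]' into its four parts."""
    m = _NVRA.match(pkg[:-4] if pkg.endswith(".rpm") else pkg)
    if not m:
        raise ValueError(f"not an NVRA: {pkg}")
    return m.groups()


def evr_cmp(v1, r1, v2, r2):
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)


def advisory_rpms(text):
    """Binary package names from a Package List section; source RPMs are never
    installed on a host, so they are dropped."""
    return [t for t in re.findall(r"\S+\.rpm", text) if not t.endswith(".src.rpm")]


def newest_installed(installed):
    """(name, arch) -> (version, release) of the newest installed build; several
    kernels normally coexist, so only the maximum counts."""
    newest = {}
    for p in installed:
        n, v, r, a = parse_nvra(p)
        if (n, a) not in newest or evr_cmp(v, r, *newest[(n, a)]) > 0:
            newest[(n, a)] = (v, r)
    return newest


def audit(advisory_text, installed):
    """'fixed' or 'vulnerable' for each advisory package the host has at all;
    packages that are not installed are not affected and are left out."""
    have = newest_installed(installed)
    verdict = {}
    for p in advisory_rpms(advisory_text):
        n, v, r, a = parse_nvra(p)
        if (n, a) in have:
            iv, ir = have[(n, a)]
            verdict[f"{n}.{a}"] = "fixed" if evr_cmp(iv, ir, v, r) >= 0 else "vulnerable"
    return verdict


def kernel_needs_reboot(installed, running):
    """A kernel erratum takes effect only after a reboot: compare `uname -r`
    with the newest installed kernel package."""
    rv, rest = running.split("-", 1)
    rr = rest.rsplit(".", 1)[0]                  # strip the arch suffix
    for (n, _a), (v, r) in newest_installed(installed).items():
        if n == "kernel" and evr_cmp(v, r, rv, rr) > 0:
            return True
    return False


if __name__ == "__main__":
    print(audit(ADVISORY_EXCERPT, INSTALLED))
    print("reboot needed:", kernel_needs_reboot(INSTALLED, RUNNING_KERNEL))
```

On the constructed data the audit reports thunderbird.x86_64 as vulnerable (45.3.0 is below 45.4.0) and says nothing about thunderbird-debuginfo, which is not installed; the kernel check reports that a reboot is needed because 642.6.1 is installed but 642.4.2 is running. A version match is only meaningful for packages whose signature was verified at install time (rpm -K on the downloaded RPM, with the Red Hat key from the URL the advisory gives); a package that rpm reports with the right version but an unknown signer should be treated as unverified, not as patched.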
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX8qOCXlSAg2UNWIIRApz/AJ9r1l3Bb+OxZ3bNtG/kI2gvIOZslQCbBgFS
gfVctbf66uYHHsiTmQrGYAI=
=6pP4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 3 19:37:50 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Oct 2016 19:37:50 +0000
Subject: [RHSA-2016:1986-01] Low: Red Hat Enterprise Linux 4 Extended Life Cycle Support Six-Month Notice
Message-ID: <201610031937.u93JboNs021621@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 4 Extended Life Cycle Support Six-Month Notice
Advisory ID:       RHSA-2016:1986-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1986.html
Issue date:        2016-10-03
=====================================================================

1. Summary:

This is the Six-Month notification for the retirement of Red Hat Enterprise Linux 4 Extended Life Cycle Support Add-On (ELS).

This notification applies only to those customers subscribed to the Extended Life Cycle Support (ELS) channel for Red Hat Enterprise Linux 4.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Life Cycle Support for Red Hat Enterprise Linux 4 will be retired as of March 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or Urgent priority bug fixes, for Red Hat Enterprise Linux 4 ELS after March 31, 2017. In addition, ongoing technical support through Red Hat's Global Support Services will be limited as described under "non-current minor releases" in the Knowledge Base article located at https://access.redhat.com/articles/64664 after this date.

We encourage customers to migrate from Red Hat Enterprise Linux 4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/site/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release package that provides a copy of this end of life notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux AS (v. 4 ELS):

Source:
redhat-release-4AS-10.13.src.rpm

i386:
redhat-release-4AS-10.13.i386.rpm

ia64:
redhat-release-4AS-10.13.ia64.rpm

x86_64:
redhat-release-4AS-10.13.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4 ELS):

Source:
redhat-release-4ES-10.13.src.rpm

i386:
redhat-release-4ES-10.13.i386.rpm

x86_64:
redhat-release-4ES-10.13.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/site/support/policy/updates/errata/
https://access.redhat.com/articles/64664

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX8rN4XlSAg2UNWIIRAtHNAJ98mHlhZNYuaEhbVtkIB9cVz3d0eQCghbWR
/SLkz/SKT8ShuRrNHOb9vTI=
=zcS2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 3 19:38:35 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Oct 2016 19:38:35 +0000
Subject: [RHSA-2016:1989-01] Low: Red Hat Enterprise Developer Toolset Version 3.x One-Month Retirement Notice
Message-ID: <201610031938.u93Jcaxh009044@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Developer Toolset Version 3.x One-Month Retirement Notice
Advisory ID:       RHSA-2016:1989-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1989.html
Issue date:        2016-10-03
=====================================================================

1. Summary:

This is the One-Month notification for the retirement of Red Hat Developer Toolset Version 3.x.

This notification applies only to those customers subscribed to the channel for Red Hat Developer Toolset Version 3.x.

2. Description:

In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 3.x offering will be retired as of October 31, 2016, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or Urgent priority bug fixes, for Developer Toolset Version 3.x after October 31, 2016. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 3.x after this date.

We encourage customers using Red Hat Enterprise Developer Toolset Version 3.x to plan their migration to a more recent release of Red Hat Developer Toolset. As a benefit of the Red Hat subscription model, customers can use their active Red Hat Developer Toolset subscriptions to entitle any system on a currently supported version of this product.

Details of the Red Hat Enterprise Developer Toolset life cycle can be found here: https://access.redhat.com/support/policy/updates/dts/

3. Solution:

Red Hat Enterprise Developer Toolset Version 3.x will be retired on October 31, 2016. Customers using Red Hat Enterprise Developer Toolset Version 3.x are encouraged to migrate to a newer release of Red Hat Enterprise Developer Toolset, and can find additional details on the Red Hat Enterprise Developer Toolset life cycle page here: https://access.redhat.com/support/policy/updates/dts/

4. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/dts/

5. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX8rOgXlSAg2UNWIIRAgLBAKCuRyeHXTev/VHjiENvTLaFaz3yAACeJ3A0
CaQvDYsFUof7iCl9Vb4uHJ0=
=OIBu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 3 19:40:01 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Oct 2016 19:40:01 +0000
Subject: [RHSA-2016:1990-01] Low: Red Hat Enterprise Linux 5 Six-Month Retirement Notice
Message-ID: <201610031940.u93Je2Ya012480@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 5 Six-Month Retirement Notice
Advisory ID:       RHSA-2016:1990-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1990.html
Issue date:        2016-10-03
=====================================================================

1. Summary:

This is the Six-Month notification for the retirement of Red Hat Enterprise Linux 5.

This notification applies only to those customers subscribed to the channel for Red Hat Enterprise Linux 5.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, support for Red Hat Enterprise Linux 5 will be retired on March 31, 2017, at the end of Production Phase 3. Until that date, customers will continue to receive Critical impact security patches and selected Urgent priority bug fixes for RHEL 5.11 (the final RHEL 5 release). On that date, active support included with your RHEL Premium or Standard subscription will conclude. This means that customers will continue to have access to all previously released content.

In addition, limited technical support will be available through Red Hat's Global Support Services as described in the Knowledge Base article available at https://access.redhat.com/articles/64664 (under "non-current minor release").

However, we recognize that some customers will wish to remain on Red Hat Enterprise Linux 5 even after the March 31, 2017 retirement date. To meet this customer requirement, Red Hat will offer customers the option to purchase the Extended Life Cycle Support (ELS) Add-On as an annually renewable subscription. This ELS Add-On provides customers with up to an additional three and a half (3.5) years of Critical impact security fixes and selected Urgent priority bug fixes for RHEL 5.11. RHEL 5 ELS coverage will conclude on November 30, 2020. Note that the RHEL 5 ELS Add-On is available for the x86 (32- and 64-bit) architecture only. The RHEL 5 ELS Add-On is not available for the Itanium architecture.

To enjoy even more comprehensive product support, we encourage customers to migrate from Red Hat Enterprise Linux 5 to a more recent version. As a benefit of the Red Hat subscription, customers may, of course, use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release package that provides a copy of this end of life notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
redhat-release-5Client-5.11.0.6.src.rpm

i386:
redhat-release-5Client-5.11.0.6.i386.rpm

x86_64:
redhat-release-5Client-5.11.0.6.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
redhat-release-5Server-5.11.0.6.src.rpm

i386:
redhat-release-5Server-5.11.0.6.i386.rpm

ia64:
redhat-release-5Server-5.11.0.6.ia64.rpm

ppc:
redhat-release-5Server-5.11.0.6.ppc.rpm

s390x:
redhat-release-5Server-5.11.0.6.s390x.rpm

x86_64:
redhat-release-5Server-5.11.0.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/
https://access.redhat.com/articles/64664

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX8rP8XlSAg2UNWIIRApyUAJ9ZHolEgVAoS3DjUUKtou2ykxePywCfW5fD
GE2jDzX0hWTviwDiWFIcAx4=
=a49/
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 3 19:40:38 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Oct 2016 19:40:38 +0000
Subject: [RHSA-2016:1991-01] Low: Red Hat Enterprise Linux 5.6 Advanced Mission Critical (AMC) Six-Month Notice
Message-ID: <201610031940.u93JecaN013616@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 5.6 Advanced Mission Critical (AMC) Six-Month Notice
Advisory ID:       RHSA-2016:1991-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1991.html
Issue date:        2016-10-03
=====================================================================

1. Summary:

This is the Six-Month notification for the retirement of Red Hat Enterprise Linux 5.6 Advanced Mission Critical (AMC).

This notification applies only to those customers subscribed to the Advanced Mission Critical (AMC) channel for Red Hat Enterprise Linux 5.6.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Long Life (v. 5.6 server) - i386, ia64, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.6 will be retired as of March 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or Urgent priority bug fixes, for Red Hat Enterprise Linux 5.6 AMC after March 31, 2017. In addition, technical support through Red Hat's Global Support Services will be limited as described under "non-current minor releases" in the Knowledge Base article located at https://access.redhat.com/articles/64664 after this date.

We encourage customers to migrate from Red Hat Enterprise Linux 5.6 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package that provides a copy of this notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Long Life (v. 5.6 server):

Source:
redhat-release-5Server-5.6.0.11.src.rpm

i386:
redhat-release-5Server-5.6.0.11.i386.rpm

ia64:
redhat-release-5Server-5.6.0.11.ia64.rpm

x86_64:
redhat-release-5Server-5.6.0.11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/
https://access.redhat.com/articles/64664

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX8rQeXlSAg2UNWIIRAi9EAKCxWkPN0yxEoZM8ComVKlJK919ClQCfTICU
GXztUPXQUYmyWDK4yi+ZCPI=
=SC/y
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 4 17:19:42 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 4 Oct 2016 17:19:42 +0000
Subject: [RHSA-2016:1994-01] Low: Red Hat OpenShift Enterprise 2.x - 3 Month End Of Life Notice
Message-ID: <201610041719.u94HJgOQ025238@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat OpenShift Enterprise 2.x - 3 Month End Of Life Notice
Advisory ID:       RHSA-2016:1994-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1994.html
Issue date:        2016-10-04
=====================================================================

1. Summary:

This is the 3 Month notification for the End of Production Phase 1 of Red Hat OpenShift Enterprise 2.x (2.0, 2.1 and 2.2).

2. Description:

In accordance with the Red Hat OpenShift Enterprise Support Life Cycle Policy, support for OpenShift Enterprise 2.x (2.0, 2.1 and 2.2) will end on December 31, 2016. Red Hat will not provide extended support for this product. Customers are requested to migrate to a supported Red Hat OpenShift Enterprise product prior to the end of the life cycle for OpenShift Enterprise 2.x.

After December 31, 2016, technical support through Red Hat's Global Support Services will no longer be provided. We encourage customers to plan their migration from Red Hat OpenShift Enterprise 2.x to the latest version of Red Hat OpenShift Enterprise. Please contact your Red Hat account representative if you have questions and/or concerns on this matter.

3. Solution:

Full details of the Red Hat OpenShift Enterprise Life Cycle can be found on the Red Hat website: https://access.redhat.com/support/policy/updates/openshift

4. Bugs fixed (https://bugzilla.redhat.com/):

1372034 - Red Hat OpenShift Enterprise 2.x - 3 Month End Of Life Notice

5. References:

https://access.redhat.com/security/updates/classification/#low

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX8+SpXlSAg2UNWIIRAkWqAJsHOAF1lcUEH98Y2htN7oi5oSZK8gCgqcmE
eUf7zp8xAPNugwPN27QDqeI=
=Uzra
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 4 21:45:00 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 4 Oct 2016 21:45:00 +0000
Subject: [RHSA-2016:2006-01] Important: kernel security and bug fix update
Message-ID: <201610042145.u94Lj0kI032549@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2016:2006-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2006.html
Issue date:        2016-10-04
CVE Names:         CVE-2016-4470 CVE-2016-5829
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the Linux kernel's keyring handling code: in key_reject_and_link() an uninitialized variable could eventually lead to a free of an arbitrary address, which could allow an attacker to mount a use-after-free style attack. (CVE-2016-4470, Important)

* A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possibly escalate privileges, or crash the system. (CVE-2016-5829, Moderate)

The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).

Bug Fix(es):

* Previously, when two NFS shares with different security settings were mounted, the I/O operations to the kerberos-authenticated mount caused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the parameter was not unset when performing the I/O operations on the sec=sys mount. Consequently, writes to both NFS shares had the same parameters, regardless of their security settings. This update fixes this problem by moving the NO_CRKEY_TIMEOUT parameter to the auth->au_flags field. As a result, NFS shares with different security settings are now handled as expected. (BZ#1366962)

* In some circumstances, resetting a Fibre Channel over Ethernet (FCoE) interface could lead to a kernel panic, due to invalid information extracted from the FCoE header. This update adds sanity checking to the CPU number extracted from the FCoE header. This ensures that subsequent operations address a valid CPU, and eliminates the kernel panic. (BZ#1359036)

* Prior to this update, the following problems occurred with the way GFS2 transitioned files and directories from the "unlinked" state to the "free" state: The numbers reported for the df and the du commands in some cases got out of sync, which caused blocks in the file system to appear missing. The blocks were not actually missing, but they were left in the "unlinked" state. In some circumstances, GFS2 referenced a cluster lock that was already deleted, which led to a kernel panic. If an object was deleted and its space reused as a different object, GFS2 sometimes deleted the existing one, which caused file system corruption. With this update, the transition from "unlinked" to "free" state has been fixed. As a result, none of these three problems occur anymore. (BZ#1359037)

* Previously, the GFS2 file system in some cases became unresponsive due to lock dependency problems between inodes and the cluster lock. This occurred most frequently on nearly full file systems where files and directories were being deleted and recreated at the same block location at the same time. With this update, a set of patches has been applied to fix these lock dependencies. As a result, GFS2 no longer hangs in the described circumstances. (BZ#1359038)

* When used with controllers that do not support DCMD MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver could enter an infinite loop of error-reporting messages. This made it difficult to find other important log messages and could even fill the disk. This bug has been fixed by ignoring the DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not support it and sending the DCMD SUCCESS status to the AEN functions. As a result, the error messages no longer appear when there is a change in the status of one of the arrays. (BZ#1359039)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
1350509 - CVE-2016-5829 kernel: Heap buffer overflow in hiddev driver

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-642.6.1.el6.src.rpm

i386:
kernel-2.6.32-642.6.1.el6.i686.rpm
kernel-debug-2.6.32-642.6.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.6.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm
kernel-devel-2.6.32-642.6.1.el6.i686.rpm
kernel-headers-2.6.32-642.6.1.el6.i686.rpm
perf-2.6.32-642.6.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.6.1.el6.noarch.rpm
kernel-doc-2.6.32-642.6.1.el6.noarch.rpm
kernel-firmware-2.6.32-642.6.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debug-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.6.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm
kernel-devel-2.6.32-642.6.1.el6.x86_64.rpm
kernel-headers-2.6.32-642.6.1.el6.x86_64.rpm
perf-2.6.32-642.6.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm
python-perf-2.6.32-642.6.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
python-perf-2.6.32-642.6.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-642.6.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.6.1.el6.noarch.rpm
kernel-doc-2.6.32-642.6.1.el6.noarch.rpm
kernel-firmware-2.6.32-642.6.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debug-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.6.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm
kernel-devel-2.6.32-642.6.1.el6.x86_64.rpm
kernel-headers-2.6.32-642.6.1.el6.x86_64.rpm
perf-2.6.32-642.6.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
python-perf-2.6.32-642.6.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-642.6.1.el6.src.rpm

i386:
kernel-2.6.32-642.6.1.el6.i686.rpm
kernel-debug-2.6.32-642.6.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.6.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm
kernel-devel-2.6.32-642.6.1.el6.i686.rpm
kernel-headers-2.6.32-642.6.1.el6.i686.rpm
perf-2.6.32-642.6.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.6.1.el6.noarch.rpm
kernel-doc-2.6.32-642.6.1.el6.noarch.rpm
kernel-firmware-2.6.32-642.6.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-642.6.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-642.6.1.el6.ppc64.rpm
kernel-debug-2.6.32-642.6.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-642.6.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-642.6.1.el6.ppc64.rpm
kernel-devel-2.6.32-642.6.1.el6.ppc64.rpm
kernel-headers-2.6.32-642.6.1.el6.ppc64.rpm
perf-2.6.32-642.6.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-642.6.1.el6.s390x.rpm
kernel-debug-2.6.32-642.6.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-642.6.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-642.6.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-642.6.1.el6.s390x.rpm
kernel-devel-2.6.32-642.6.1.el6.s390x.rpm
kernel-headers-2.6.32-642.6.1.el6.s390x.rpm
kernel-kdump-2.6.32-642.6.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-642.6.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-642.6.1.el6.s390x.rpm
perf-2.6.32-642.6.1.el6.s390x.rpm
perf-debuginfo-2.6.32-642.6.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debug-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.6.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm
kernel-devel-2.6.32-642.6.1.el6.x86_64.rpm
kernel-headers-2.6.32-642.6.1.el6.x86_64.rpm
perf-2.6.32-642.6.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm
python-perf-2.6.32-642.6.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-642.6.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm
python-perf-2.6.32-642.6.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-642.6.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-642.6.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-642.6.1.el6.s390x.rpm
perf-debuginfo-2.6.32-642.6.1.el6.s390x.rpm
python-perf-2.6.32-642.6.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm
python-perf-2.6.32-642.6.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6): Source: kernel-2.6.32-642.6.1.el6.src.rpm i386: kernel-2.6.32-642.6.1.el6.i686.rpm kernel-debug-2.6.32-642.6.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm kernel-devel-2.6.32-642.6.1.el6.i686.rpm kernel-headers-2.6.32-642.6.1.el6.i686.rpm perf-2.6.32-642.6.1.el6.i686.rpm perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-642.6.1.el6.noarch.rpm kernel-doc-2.6.32-642.6.1.el6.noarch.rpm kernel-firmware-2.6.32-642.6.1.el6.noarch.rpm x86_64: kernel-2.6.32-642.6.1.el6.x86_64.rpm kernel-debug-2.6.32-642.6.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.6.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm kernel-devel-2.6.32-642.6.1.el6.x86_64.rpm kernel-headers-2.6.32-642.6.1.el6.x86_64.rpm perf-2.6.32-642.6.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): i386: kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm python-perf-2.6.32-642.6.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm python-perf-2.6.32-642.6.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4470 https://access.redhat.com/security/cve/CVE-2016-5829 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX9CKhXlSAg2UNWIIRAtDIAJ4jq1XKyOvhk936eIn8YqaTfkJ9PQCdEyBk
pvpRQNlcn7vpNO2lmcMjswg=
=1otA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 5 13:09:12 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 5 Oct 2016 13:09:12 +0000
Subject: [RHSA-2016:2007-01] Important: chromium-browser security update
Message-ID: <201610051309.u95D9C2F012906@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2016:2007-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2007.html
Issue date:        2016-10-05
CVE Names:         CVE-2016-5177 CVE-2016-5178
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 53.0.2785.143.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Chromium to crash,
execute arbitrary code, or disclose sensitive information when visited by
the victim. (CVE-2016-5177, CVE-2016-5178)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1380631 - CVE-2016-5177 chromium-browser: use after free in v8
1380632 - CVE-2016-5178 chromium-browser: various fixes from internal audits

6. Package List:

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-53.0.2785.143-1.el6.i686.rpm
chromium-browser-debuginfo-53.0.2785.143-1.el6.i686.rpm

x86_64:
chromium-browser-53.0.2785.143-1.el6.x86_64.rpm
chromium-browser-debuginfo-53.0.2785.143-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-53.0.2785.143-1.el6.i686.rpm
chromium-browser-debuginfo-53.0.2785.143-1.el6.i686.rpm

x86_64:
chromium-browser-53.0.2785.143-1.el6.x86_64.rpm
chromium-browser-debuginfo-53.0.2785.143-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5177
https://access.redhat.com/security/cve/CVE-2016-5178
https://access.redhat.com/security/updates/classification/#important
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_29.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX9PtpXlSAg2UNWIIRAtzGAKChU89ysBZuQKkFuYdYB1OjvisXsQCgvCpF
2jFkW75/k++PTS+b0ngXwD8=
=Dhax
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 5 13:25:34 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 5 Oct 2016 13:25:34 +0000
Subject: [RHSA-2016:2008-01] Low: Red Hat Enterprise Linux 7.1 Extended Update Support Six-Month Notice
Message-ID: <201610051325.u95DPYRv031620@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 7.1 Extended Update Support Six-Month Notice
Advisory ID:       RHSA-2016:2008-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2008.html
Issue date:        2016-10-05
=====================================================================

1. Summary:

This is the Six-Month notification for the retirement of Red Hat Enterprise
Linux 7.1 Extended Update Support (EUS). This notification applies only to
those customers subscribed to the Extended Update Support (EUS) channel for
Red Hat Enterprise Linux 7.1.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy,
Extended Update Support for Red Hat Enterprise Linux 7.1 will be retired as
of March 31, 2017, and support will no longer be provided. Accordingly, Red
Hat will no longer provide updated packages, including Critical impact
security patches or Urgent priority bug fixes, for Red Hat Enterprise Linux
7.1 EUS after March 31, 2017. In addition, technical support through Red
Hat's Global Support Services will be limited as described under
"non-current minor releases" in the Knowledge Base article located at
https://access.redhat.com/articles/64664 after this date.

We encourage customers to migrate from Red Hat Enterprise Linux 7.1 to a
more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat
subscription model, customers can use their active subscriptions to entitle
any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here:
https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release-server package that
provides a copy of this retirement notice in the "/usr/share/doc/"
directory.

5. Package List:

Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
redhat-release-server-7.1-1.el7_1.4.src.rpm

ppc64:
redhat-release-server-7.1-1.el7_1.4.ppc64.rpm

s390x:
redhat-release-server-7.1-1.el7_1.4.s390x.rpm

x86_64:
redhat-release-server-7.1-1.el7_1.4.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
redhat-release-server-7.1-1.ael7b_1.4.src.rpm

ppc64le:
redhat-release-server-7.1-1.ael7b_1.4.ppc64le.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/articles/64664
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX9P9EXlSAg2UNWIIRAu22AJ9etweMaFKj+R2RS097qNY6y4HkVwCgoKrI
TBIEEwPZL4Wor2jauSsJO8I=
=zjCL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 10 06:27:35 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Oct 2016 06:27:35 +0000
Subject: [RHSA-2016:2038-01] Moderate: python-django security update
Message-ID: <201610100627.u9A6Ra7Y014558@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python-django security update
Advisory ID:       RHSA-2016:2038-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2038.html
Issue date:        2016-10-10
CVE Names:         CVE-2016-7401
=====================================================================

1. Summary:

An update for python-django is now available for Red Hat Enterprise Linux
OpenStack Platform 5.0 (Icehouse) for RHEL 6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as much
as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Security Fix(es):

* A CSRF flaw was found in Django, where an interaction between Google
Analytics and Django's cookie parsing could allow an attacker to set
arbitrary cookies leading to a bypass of CSRF protection. In this update,
the parser for ''request.COOKIES'' has been simplified to better match
browser behavior and to mitigate this attack. ''request.COOKIES'' may now
contain cookies that are invalid according to RFC 6265 but are possible to
set using ''document.cookie''. (CVE-2016-7401)

Red Hat would like to thank the upstream Django project for reporting this
issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1377376 - CVE-2016-7401 python-django: CSRF protection bypass on a site with Google Analytics

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6:

Source:
python-django-1.6.11-6.el6ost.src.rpm

noarch:
python-django-1.6.11-6.el6ost.noarch.rpm
python-django-bash-completion-1.6.11-6.el6ost.noarch.rpm
python-django-doc-1.6.11-6.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7401
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX+zS5XlSAg2UNWIIRAkwZAKCfQm9SImmZam96pjyLTvDTQi3e7ACglYBv
Eoy+EMN3GH8s/+A0vb6erFs=
=N6jZ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 10 06:28:08 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Oct 2016 06:28:08 +0000
Subject: [RHSA-2016:2039-01] Moderate: python-django security update
Message-ID: <201610100628.u9A6SBUA014777@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python-django security update
Advisory ID:       RHSA-2016:2039-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2039.html
Issue date:        2016-10-10
CVE Names:         CVE-2016-7401
=====================================================================

1. Summary:

An update for python-django is now available for Red Hat Enterprise Linux
OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as much
as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Security Fix(es):

* A CSRF flaw was found in Django, where an interaction between Google
Analytics and Django's cookie parsing could allow an attacker to set
arbitrary cookies leading to a bypass of CSRF protection. In this update,
the parser for ''request.COOKIES'' has been simplified to better match
browser behavior and to mitigate this attack. ''request.COOKIES'' may now
contain cookies that are invalid according to RFC 6265 but are possible to
set using ''document.cookie''. (CVE-2016-7401)

Red Hat would like to thank the upstream Django project for reporting this
issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1377376 - CVE-2016-7401 python-django: CSRF protection bypass on a site with Google Analytics

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7:

Source:
python-django-1.6.11-6.el7ost.src.rpm

noarch:
python-django-1.6.11-6.el7ost.noarch.rpm
python-django-bash-completion-1.6.11-6.el7ost.noarch.rpm
python-django-doc-1.6.11-6.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7401
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX+zTyXlSAg2UNWIIRAnbAAJ95MwEVremQy0RXZ4yyq+v4Bo9AiwCfQSPX
lSg4ZobhWZ7OX4LJJV8og0Q=
=SR0A
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 10 06:28:33 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Oct 2016 06:28:33 +0000
Subject: [RHSA-2016:2040-01] Moderate: python-django security update
Message-ID: <201610100628.u9A6SYGn008165@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python-django security update
Advisory ID:       RHSA-2016:2040-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2040.html
Issue date:        2016-10-10
CVE Names:         CVE-2016-7401
=====================================================================

1. Summary:

An update for python-django is now available for Red Hat Enterprise Linux
OpenStack Platform 6.0 (Juno) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as much
as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Security Fix(es):

* A CSRF flaw was found in Django, where an interaction between Google
Analytics and Django's cookie parsing could allow an attacker to set
arbitrary cookies leading to a bypass of CSRF protection. In this update,
the parser for ''request.COOKIES'' has been simplified to better match
browser behavior and to mitigate this attack. ''request.COOKIES'' may now
contain cookies that are invalid according to RFC 6265 but are possible to
set using ''document.cookie''. (CVE-2016-7401)

Red Hat would like to thank the upstream Django project for reporting this
issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1377376 - CVE-2016-7401 python-django: CSRF protection bypass on a site with Google Analytics

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7:

Source:
python-django-1.6.11-6.el7ost.src.rpm

noarch:
python-django-1.6.11-6.el7ost.noarch.rpm
python-django-bash-completion-1.6.11-6.el7ost.noarch.rpm
python-django-doc-1.6.11-6.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7401
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX+zUNXlSAg2UNWIIRAmFcAKC7KQkiGuOKeCiYMKjsMww4Ir0qpwCguddy
tYzmmOFCPw85Pmd0uIoan8E=
=pQp7
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 10 06:28:53 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Oct 2016 06:28:53 +0000
Subject: [RHSA-2016:2041-01] Moderate: python-django security update
Message-ID: <201610100628.u9A6SrnO015036@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python-django security update
Advisory ID:       RHSA-2016:2041-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2041.html
Issue date:        2016-10-10
CVE Names:         CVE-2016-7401
=====================================================================

1. Summary:

An update for python-django is now available for Red Hat Enterprise Linux
OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as much
as possible and adhering to the DRY (Don't Repeat Yourself) principle.

The following packages have been upgraded to a newer upstream version:
python-django (1.8.15). (BZ#1378620)

Security Fix(es):

* A CSRF flaw was found in Django, where an interaction between Google
Analytics and Django's cookie parsing could allow an attacker to set
arbitrary cookies leading to a bypass of CSRF protection. In this update,
the parser for ''request.COOKIES'' has been simplified to better match
browser behavior and to mitigate this attack. ''request.COOKIES'' may now
contain cookies that are invalid according to RFC 6265 but are possible to
set using ''document.cookie''. (CVE-2016-7401)

Red Hat would like to thank the upstream Django project for reporting this
issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1377376 - CVE-2016-7401 python-django: CSRF protection bypass on a site with Google Analytics

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7:

Source:
python-django-1.8.15-1.el7ost.src.rpm

noarch:
python-django-1.8.15-1.el7ost.noarch.rpm
python-django-bash-completion-1.8.15-1.el7ost.noarch.rpm
python-django-doc-1.8.15-1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7401
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
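Editor's note on the cookie-parsing change described in the four python-django advisories above (RHSA-2016:2038, 2039, 2040 and 2041, all for CVE-2016-7401). The example below is added here and is not Django's code or Red Hat's: it contrasts a strict parser that silently drops any cookie whose name or value violates RFC 6265 syntax with a lenient parser modelled on how a browser splits the Cookie header it sends, and reports the names on which the two disagree. The point the advisory makes is that a server-side parser which diverges from browser behaviour gives the application a different view of the cookie jar than the client actually holds, and every check that depends on a cookie (the CSRF token cookie, the session cookie) is then made on different data. The sample header is constructed; the analytics-style value with a space in it and the DQUOTE-named cookie are both things `document.cookie` can set but RFC 6265 does not allow.

```python
"""Strict (RFC 6265) versus lenient (browser-like) Cookie header parsing.
Added illustration for CVE-2016-7401 as described in RHSA-2016:2038..2041.
Not Django's code; the sample header is constructed for this example."""

import re

# RFC 6265: cookie-name is an HTTP token; cookie-value consists of
# cookie-octets (printable US-ASCII minus DQUOTE, comma, semicolon,
# backslash and whitespace).  Quoted values are deliberately not handled.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
_COOKIE_OCTETS = re.compile(r"^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$")

# Constructed sample: a CSRF cookie, an analytics-style cookie whose value
# contains a space (invalid per RFC 6265 but storable via document.cookie),
# a session cookie, and a cookie whose name contains DQUOTE characters.
SAMPLE_COOKIE_HEADER = (
    'csrftoken=abc123; '
    '__utmz=12345.utmcsr=google|utmccn=(organic) search; '
    'sessionid=s3ss10n; '
    '"quoted"=x'
)


def _split_pairs(header):
    """Yield (name, value) pairs the way a browser delimits them: split on
    ';', strip whitespace, the name is everything before the first '='.
    A chunk without '=' is a name-less cookie (document.cookie = "foo")."""
    for chunk in header.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue
        if "=" in chunk:
            name, value = chunk.split("=", 1)
        else:
            name, value = "", chunk
        yield name.strip(), value.strip()


def parse_cookie_strict(header):
    """Keep only cookies whose name is a token and whose value is made of
    cookie-octets.  Everything else is dropped, so the application's view
    of the cookie jar no longer matches what the browser holds."""
    return {
        name: value
        for name, value in _split_pairs(header)
        if _TOKEN.match(name) and _COOKIE_OCTETS.match(value)
    }


def parse_cookie_lenient(header):
    """Keep every cookie the browser sent, valid or not, values verbatim.
    Cookie-based checks (CSRF double-submit, session lookup) then operate
    on the same data the browser actually has."""
    return {
        name: value
        for name, value in _split_pairs(header)
        if name or value
    }


def diverging_cookies(header):
    """Names the browser sends that a strict parser would discard or alter:
    a quick audit of how far a server-side parser drifts from the client."""
    strict = parse_cookie_strict(header)
    lenient = parse_cookie_lenient(header)
    return sorted(
        name for name, value in lenient.items() if strict.get(name) != value
    )


if __name__ == "__main__":
    print("strict :", parse_cookie_strict(SAMPLE_COOKIE_HEADER))
    print("lenient:", parse_cookie_lenient(SAMPLE_COOKIE_HEADER))
    print("dropped by strict parser:", diverging_cookies(SAMPLE_COOKIE_HEADER))
```

Running the block shows the strict parser returning only `csrftoken` and `sessionid`, while the lenient parser returns all four cookies; `diverging_cookies` names the two that fall through the gap. When auditing a framework's cookie handling, the useful question is exactly this one: for the headers real browsers send (including the odd values analytics libraries store), does the server see the same cookie jar the browser does?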
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX+zUhXlSAg2UNWIIRAm5nAJ9EG4XyEWupTsNGOm7fxcXvfjpzHACgggrr
YHfkXJP5U6o0TIN9vlihHe4=
=xGpA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 10 20:50:39 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Oct 2016 20:50:39 +0000
Subject: [RHSA-2016:2045-01] Important: tomcat6 security and bug fix update
Message-ID: <201610102050.u9AKodbE018327@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: tomcat6 security and bug fix update
Advisory ID:       RHSA-2016:2045-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2045.html
Issue date:        2016-10-10
CVE Names:         CVE-2015-5174 CVE-2015-5345 CVE-2016-0706 CVE-2016-0714
                   CVE-2016-5388 CVE-2016-6325
=====================================================================

1. Summary:

An update for tomcat6 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - noarch
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

Security Fix(es):

* It was discovered that the Tomcat packages installed certain
configuration files read by the Tomcat initialization script as writeable
to the tomcat group. A member of the group or a malicious web application
deployed on Tomcat could use this flaw to escalate their privileges.
(CVE-2016-6325)

* It was found that several Tomcat session persistence mechanisms could
allow a remote, authenticated user to bypass intended SecurityManager
restrictions and execute arbitrary code in a privileged context via a web
application that placed a crafted object in a session. (CVE-2016-0714)

* It was discovered that tomcat used the value of the Proxy header from
HTTP requests to initialize the HTTP_PROXY environment variable for CGI
scripts, which in turn was incorrectly used by certain HTTP client
implementations to configure the proxy for outgoing HTTP requests. A remote
attacker could possibly use this flaw to redirect HTTP requests performed
by a CGI script to an attacker-controlled proxy via a malicious HTTP
request. (CVE-2016-5388)

* A directory traversal flaw was found in Tomcat's RequestUtil.java. A
remote, authenticated user could use this flaw to bypass intended
SecurityManager restrictions and list a parent directory via a '/..' in a
pathname used by a web application in a getResource, getResourceAsStream,
or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps
directory. (CVE-2015-5174)

* It was found that Tomcat could reveal the presence of a directory even
when that directory was protected by a security constraint. A user could
make a request to a directory via a URL not ending with a slash and,
depending on whether Tomcat redirected that request, could confirm whether
that directory existed. (CVE-2015-5345)

* It was found that Tomcat allowed the StatusManagerServlet to be loaded by
a web application when a security manager was configured. This allowed a
web application to list all deployed web applications and expose sensitive
information such as session IDs. (CVE-2016-0706)

Red Hat would like to thank Scott Geary (VendHQ) for reporting
CVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product
Security.
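Editor's note on the CVE-2016-6325 item above (configuration files read by a privileged initialization script installed writeable to the service group). The audit below is added here and is not Red Hat's or Tomcat's code: it walks a configuration directory and reports regular files that the group or the world may modify, which is the check a packager or administrator wants after reading this class of finding. The directory layout, file names and modes are constructed in a temporary directory for the example; the advisory does not name the specific files that were fixed, so none are claimed here.

```python
"""Audit a configuration tree for group- or world-writable regular files.
Added example for the CVE-2016-6325 class of flaw (RHSA-2016:2045); not
Red Hat's or Tomcat's code.  The tree below is constructed in a temp dir."""

import os
import stat
import tempfile

# Constructed sample layout: relative path -> mode.  Any file that a service
# account's group can write but a privileged script reads is a finding.
SAMPLE_TREE = {
    "tomcat6.conf": 0o664,                     # group-writable: finding
    "server.xml": 0o640,                       # group read-only: fine
    "web.xml": 0o666,                          # world-writable: finding
    "Catalina/localhost/manager.xml": 0o644,   # fine
}


def build_sample_tree():
    """Create the constructed tree under a fresh temp dir; return its path."""
    root = tempfile.mkdtemp(prefix="conf-audit-")
    for rel, mode in SAMPLE_TREE.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("# constructed sample file\n")
        os.chmod(path, mode)  # chmod after creation so the umask cannot interfere
    return root


def writable_by_others(mode):
    """True when the group or world write bit is set in a st_mode value."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_writable(root):
    """Sorted relative paths of regular files under root that are group- or
    world-writable.  lstat is used so a symlink pointing into a writable
    location is not mistaken for the file itself."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISREG(st.st_mode) and writable_by_others(st.st_mode):
                findings.append(os.path.relpath(full, root))
    return sorted(findings)


if __name__ == "__main__":
    sample = build_sample_tree()
    for rel in audit_writable(sample):
        print("writable by group or world:", os.path.join(sample, rel))
```

Pointed at a real configuration directory instead of the constructed tree, `audit_writable` lists exactly the files whose contents a member of the service group could alter before a root-run script reads them. Files the service genuinely needs to write at runtime (logs, work directories) belong outside the configuration tree rather than on an exception list.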
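Editor's note on the CVE-2016-5388 item above (the same flaw is listed again in the RHEL 7 tomcat advisory, RHSA-2016:2046, further down). The example below is added here and is not Tomcat's code. It reproduces the conventional CGI rule for exposing request headers to a script (RFC 3875: upper-case the header name, replace `-` with `_`, prefix `HTTP_`), shows that a client-supplied `Proxy` header lands in `HTTP_PROXY`, and gives a hardened builder that refuses to forward it. The inverse mapping makes the scope of the problem explicit: of the proxy variables HTTP client libraries consult, only `HTTP_PROXY` can be reached from a request header at all, because only it begins with the `HTTP_` prefix. The header names and values are constructed; the address is from the RFC 5737 documentation range.

```python
"""CGI header-to-environment mapping, naive and hardened.
Added example for CVE-2016-5388 as described in RHSA-2016:2045/2046; not
Tomcat's code.  Sample headers are constructed for this example."""

import re

# Environment variables common HTTP client libraries consult for proxy
# settings.  Only names beginning with 'HTTP_' are reachable through the
# CGI header mapping; header_for_env() makes that explicit.
PROXY_ENV_VARS = ("HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY")

# Constructed sample request headers, including a hostile 'Proxy' header
# pointing at a documentation-range address (RFC 5737).
SAMPLE_HEADERS = {
    "Host": "www.example.com",
    "User-Agent": "example-client/1.0",
    "Proxy": "http://203.0.113.7:3128",
    "Accept-Language": "en",
}

_HEADER_NAME = re.compile(r"^[A-Za-z0-9-]+$")

# Request headers whose CGI meta-variable name collides with a variable the
# environment already gives meaning to.
BLOCKED_HEADERS = frozenset(h.lower() for h in ("Proxy",))


def header_to_env(name):
    """CGI meta-variable name for a request header (RFC 3875 convention)."""
    return "HTTP_" + name.upper().replace("-", "_")


def header_for_env(var):
    """Inverse mapping: which request header would populate meta-variable
    'var'?  None when no header can reach it (missing HTTP_ prefix)."""
    if not var.startswith("HTTP_") or len(var) == len("HTTP_"):
        return None
    return var[len("HTTP_"):].replace("_", "-").title()


def cgi_env_naive(headers):
    """Forward every syntactically valid header.  'Proxy' becomes
    HTTP_PROXY, which an HTTP client library inside the CGI script may
    read as its outbound proxy setting."""
    return {
        header_to_env(n): v for n, v in headers.items() if _HEADER_NAME.match(n)
    }


def cgi_env_hardened(headers):
    """Same mapping, but drop headers on the block list so a request
    cannot choose the script's outbound proxy."""
    return {
        header_to_env(n): v
        for n, v in headers.items()
        if _HEADER_NAME.match(n) and n.lower() not in BLOCKED_HEADERS
    }


def reachable_proxy_vars(candidates=PROXY_ENV_VARS):
    """Map each proxy variable a request header can reach to that header."""
    return {v: header_for_env(v) for v in candidates if header_for_env(v)}


if __name__ == "__main__":
    print("naive   HTTP_PROXY:", cgi_env_naive(SAMPLE_HEADERS).get("HTTP_PROXY"))
    print("hardened HTTP_PROXY:", cgi_env_hardened(SAMPLE_HEADERS).get("HTTP_PROXY"))
    print("reachable via request header:", reachable_proxy_vars())
```

The hardened builder is the server-side half of the fix; the client-side half, which the advisory attributes to "certain HTTP client implementations", is for libraries running under CGI to ignore `HTTP_PROXY` when `REQUEST_METHOD` is set, since in that environment the variable is request-controlled rather than operator-controlled.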
Bug Fix(es): * Due to a bug in the tomcat6 spec file, the catalina.out file's md5sum, size, and mtime attributes were compared to the file's attributes at installation time. Because these attributes change after the service is started, the "rpm -V" command previously failed. With this update, the attributes mentioned above are ignored in the RPM verification and the catalina.out file now passes the verification check. (BZ#1357123) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1265698 - CVE-2015-5174 tomcat: URL Normalization issue 1311082 - CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms 1311087 - CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet 1311089 - CVE-2015-5345 tomcat: directory disclosure 1353809 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header 1357123 - rpm -V tomcat6 fails due on /var/log/tomcat6/catalina.out [rhel-6.8.z] 1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: tomcat6-6.0.24-98.el6_8.src.rpm noarch: tomcat6-6.0.24-98.el6_8.noarch.rpm tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm tomcat6-lib-6.0.24-98.el6_8.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: tomcat6-6.0.24-98.el6_8.src.rpm noarch: tomcat6-6.0.24-98.el6_8.noarch.rpm tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm tomcat6-lib-6.0.24-98.el6_8.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm Red Hat Enterprise Linux Server (v. 6): Source: tomcat6-6.0.24-98.el6_8.src.rpm noarch: tomcat6-6.0.24-98.el6_8.noarch.rpm tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm tomcat6-lib-6.0.24-98.el6_8.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: tomcat6-6.0.24-98.el6_8.src.rpm noarch: tomcat6-6.0.24-98.el6_8.noarch.rpm tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm tomcat6-lib-6.0.24-98.el6_8.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2015-5174
https://access.redhat.com/security/cve/CVE-2015-5345
https://access.redhat.com/security/cve/CVE-2016-0706
https://access.redhat.com/security/cve/CVE-2016-0714
https://access.redhat.com/security/cve/CVE-2016-5388
https://access.redhat.com/security/cve/CVE-2016-6325
https://access.redhat.com/security/updates/classification/#important
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.45

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX+/4AXlSAg2UNWIIRAjm0AJ9rYknhq2i5F0ykr0zogwOYt9DJ6QCdHkkb
kkUxsjVWgiQohr2wjkMhuFg=
=OFvs
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 10 20:51:33 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Oct 2016 20:51:33 +0000
Subject: [RHSA-2016:2046-01] Important: tomcat security update
Message-ID: <201610102051.u9AKpXZi011082@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: tomcat security update
Advisory ID: RHSA-2016:2046-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2046.html
Issue date: 2016-10-10
CVE Names: CVE-2014-7810 CVE-2015-5346 CVE-2016-5388 CVE-2016-5425 CVE-2016-6325
=====================================================================

1. Summary:

An update for tomcat is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v.
7) - noarch
Red Hat Enterprise Linux Client Optional (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* It was discovered that the Tomcat packages installed the configuration file /usr/lib/tmpfiles.d/tomcat.conf as writeable by the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-5425)

* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable by the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)

* It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810)

* It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)

* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)

Red Hat would like to thank Dawid Golunski (http://legalhackers.com) for reporting CVE-2016-5425 and Scott Geary (VendHQ) for reporting CVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product Security.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1222573 - CVE-2014-7810 Tomcat/JbossWeb: security manager bypass via EL expressions
1311085 - CVE-2015-5346 tomcat: Session fixation
1353809 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
1362545 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service
1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: tomcat-7.0.54-8.el7_2.src.rpm

noarch:
tomcat-servlet-3.0-api-7.0.54-8.el7_2.noarch.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
tomcat-7.0.54-8.el7_2.noarch.rpm
tomcat-admin-webapps-7.0.54-8.el7_2.noarch.rpm
tomcat-docs-webapp-7.0.54-8.el7_2.noarch.rpm
tomcat-el-2.2-api-7.0.54-8.el7_2.noarch.rpm
tomcat-javadoc-7.0.54-8.el7_2.noarch.rpm
tomcat-jsp-2.2-api-7.0.54-8.el7_2.noarch.rpm
tomcat-jsvc-7.0.54-8.el7_2.noarch.rpm
tomcat-lib-7.0.54-8.el7_2.noarch.rpm
tomcat-webapps-7.0.54-8.el7_2.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: tomcat-7.0.54-8.el7_2.src.rpm

noarch:
tomcat-servlet-3.0-api-7.0.54-8.el7_2.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v.
7): noarch: tomcat-7.0.54-8.el7_2.noarch.rpm tomcat-admin-webapps-7.0.54-8.el7_2.noarch.rpm tomcat-docs-webapp-7.0.54-8.el7_2.noarch.rpm tomcat-el-2.2-api-7.0.54-8.el7_2.noarch.rpm tomcat-javadoc-7.0.54-8.el7_2.noarch.rpm tomcat-jsp-2.2-api-7.0.54-8.el7_2.noarch.rpm tomcat-jsvc-7.0.54-8.el7_2.noarch.rpm tomcat-lib-7.0.54-8.el7_2.noarch.rpm tomcat-webapps-7.0.54-8.el7_2.noarch.rpm Red Hat Enterprise Linux Server (v. 7): Source: tomcat-7.0.54-8.el7_2.src.rpm noarch: tomcat-7.0.54-8.el7_2.noarch.rpm tomcat-admin-webapps-7.0.54-8.el7_2.noarch.rpm tomcat-el-2.2-api-7.0.54-8.el7_2.noarch.rpm tomcat-jsp-2.2-api-7.0.54-8.el7_2.noarch.rpm tomcat-lib-7.0.54-8.el7_2.noarch.rpm tomcat-servlet-3.0-api-7.0.54-8.el7_2.noarch.rpm tomcat-webapps-7.0.54-8.el7_2.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: tomcat-7.0.54-8.el7_2.noarch.rpm tomcat-admin-webapps-7.0.54-8.el7_2.noarch.rpm tomcat-docs-webapp-7.0.54-8.el7_2.noarch.rpm tomcat-el-2.2-api-7.0.54-8.el7_2.noarch.rpm tomcat-javadoc-7.0.54-8.el7_2.noarch.rpm tomcat-jsp-2.2-api-7.0.54-8.el7_2.noarch.rpm tomcat-jsvc-7.0.54-8.el7_2.noarch.rpm tomcat-lib-7.0.54-8.el7_2.noarch.rpm tomcat-webapps-7.0.54-8.el7_2.noarch.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: tomcat-7.0.54-8.el7_2.src.rpm noarch: tomcat-7.0.54-8.el7_2.noarch.rpm tomcat-admin-webapps-7.0.54-8.el7_2.noarch.rpm tomcat-el-2.2-api-7.0.54-8.el7_2.noarch.rpm tomcat-jsp-2.2-api-7.0.54-8.el7_2.noarch.rpm tomcat-lib-7.0.54-8.el7_2.noarch.rpm tomcat-servlet-3.0-api-7.0.54-8.el7_2.noarch.rpm tomcat-webapps-7.0.54-8.el7_2.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: tomcat-docs-webapp-7.0.54-8.el7_2.noarch.rpm tomcat-javadoc-7.0.54-8.el7_2.noarch.rpm tomcat-jsvc-7.0.54-8.el7_2.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2014-7810
https://access.redhat.com/security/cve/CVE-2015-5346
https://access.redhat.com/security/cve/CVE-2016-5388
https://access.redhat.com/security/cve/CVE-2016-5425
https://access.redhat.com/security/cve/CVE-2016-6325
https://access.redhat.com/security/updates/classification/#important
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.59

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX+/82XlSAg2UNWIIRAgOSAJ9aABVl6Frcdth31LFI2ezFGEThFQCdHTk4
EFkvvoMOhjMDVVwCnsedKK8=
=FOMm
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 10 23:09:57 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Oct 2016 19:09:57 -0400
Subject: [RHSA-2016:2047-01] Important: kernel security update
Message-ID: <201610102309.u9AN9v9s022228@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2016:2047-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2047.html
Issue date: 2016-10-10
CVE Names: CVE-2016-7039
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v.
7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A Linux kernel built with 802.1Q/802.1ad VLAN (CONFIG_VLAN_8021Q) support, or with Virtual eXtensible Local Area Network (CONFIG_VXLAN) support with Transparent Ethernet Bridging (TEB) GRO, is vulnerable to a stack overflow. It could occur while receiving large packets via the GRO path, as unbounded recursion could unfold in both the VLAN and TEB modules, leading to stack corruption in the kernel. (CVE-2016-7039, Important)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375944 - CVE-2016-7039 kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash

6. Package List:

Red Hat Enterprise Linux Client (v.
7): Source: kernel-3.10.0-327.36.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.36.2.el7.noarch.rpm kernel-doc-3.10.0-327.36.2.el7.noarch.rpm x86_64: kernel-3.10.0-327.36.2.el7.x86_64.rpm kernel-debug-3.10.0-327.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.36.2.el7.x86_64.rpm kernel-devel-3.10.0-327.36.2.el7.x86_64.rpm kernel-headers-3.10.0-327.36.2.el7.x86_64.rpm kernel-tools-3.10.0-327.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.36.2.el7.x86_64.rpm perf-3.10.0-327.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm python-perf-3.10.0-327.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: kernel-3.10.0-327.36.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.36.2.el7.noarch.rpm kernel-doc-3.10.0-327.36.2.el7.noarch.rpm x86_64: kernel-3.10.0-327.36.2.el7.x86_64.rpm kernel-debug-3.10.0-327.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.36.2.el7.x86_64.rpm kernel-devel-3.10.0-327.36.2.el7.x86_64.rpm kernel-headers-3.10.0-327.36.2.el7.x86_64.rpm kernel-tools-3.10.0-327.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.36.2.el7.x86_64.rpm perf-3.10.0-327.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm python-perf-3.10.0-327.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: kernel-3.10.0-327.36.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.36.2.el7.noarch.rpm kernel-doc-3.10.0-327.36.2.el7.noarch.rpm ppc64: kernel-3.10.0-327.36.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-327.36.2.el7.ppc64.rpm kernel-debug-3.10.0-327.36.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-327.36.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-327.36.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-327.36.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-327.36.2.el7.ppc64.rpm kernel-devel-3.10.0-327.36.2.el7.ppc64.rpm kernel-headers-3.10.0-327.36.2.el7.ppc64.rpm kernel-tools-3.10.0-327.36.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-327.36.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-327.36.2.el7.ppc64.rpm perf-3.10.0-327.36.2.el7.ppc64.rpm perf-debuginfo-3.10.0-327.36.2.el7.ppc64.rpm python-perf-3.10.0-327.36.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-327.36.2.el7.ppc64.rpm ppc64le: kernel-3.10.0-327.36.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-327.36.2.el7.ppc64le.rpm kernel-debug-3.10.0-327.36.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-327.36.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-327.36.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-327.36.2.el7.ppc64le.rpm kernel-devel-3.10.0-327.36.2.el7.ppc64le.rpm kernel-headers-3.10.0-327.36.2.el7.ppc64le.rpm kernel-tools-3.10.0-327.36.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-327.36.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-327.36.2.el7.ppc64le.rpm perf-3.10.0-327.36.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-327.36.2.el7.ppc64le.rpm python-perf-3.10.0-327.36.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-327.36.2.el7.ppc64le.rpm s390x: kernel-3.10.0-327.36.2.el7.s390x.rpm kernel-debug-3.10.0-327.36.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-327.36.2.el7.s390x.rpm kernel-debug-devel-3.10.0-327.36.2.el7.s390x.rpm kernel-debuginfo-3.10.0-327.36.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-327.36.2.el7.s390x.rpm kernel-devel-3.10.0-327.36.2.el7.s390x.rpm 
kernel-headers-3.10.0-327.36.2.el7.s390x.rpm kernel-kdump-3.10.0-327.36.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-327.36.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-327.36.2.el7.s390x.rpm perf-3.10.0-327.36.2.el7.s390x.rpm perf-debuginfo-3.10.0-327.36.2.el7.s390x.rpm python-perf-3.10.0-327.36.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-327.36.2.el7.s390x.rpm x86_64: kernel-3.10.0-327.36.2.el7.x86_64.rpm kernel-debug-3.10.0-327.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.36.2.el7.x86_64.rpm kernel-devel-3.10.0-327.36.2.el7.x86_64.rpm kernel-headers-3.10.0-327.36.2.el7.x86_64.rpm kernel-tools-3.10.0-327.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.36.2.el7.x86_64.rpm perf-3.10.0-327.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm python-perf-3.10.0-327.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: kernel-debug-debuginfo-3.10.0-327.36.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-327.36.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-327.36.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-327.36.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-327.36.2.el7.ppc64.rpm perf-debuginfo-3.10.0-327.36.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-327.36.2.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-327.36.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-327.36.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-327.36.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-327.36.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-327.36.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-327.36.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-327.36.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-327.36.2.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7):

Source: kernel-3.10.0-327.36.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.36.2.el7.noarch.rpm
kernel-doc-3.10.0-327.36.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.36.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.36.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.36.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.36.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.36.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.36.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.36.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.36.2.el7.x86_64.rpm
perf-3.10.0-327.36.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm
python-perf-3.10.0-327.36.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.36.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.36.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7039
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
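Added example, not part of the advisory: a POSIX shell check a RHEL 7 administrator could run to decide whether a host is still exposed to CVE-2016-7039 through RHSA-2016:2047. It compares the running kernel release (as "uname -r" reports it) against the fixed build in the package list above, 3.10.0-327.36.2.el7, and checks whether either code path named in the description (CONFIG_VLAN_8021Q or CONFIG_VXLAN) is built in or a module. The kernel config excerpt and the release strings in the block are constructed; on a live host it assumes the config is readable at /boot/config-$(uname -r).

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether a RHEL 7 host still
# needs RHSA-2016:2047. Two questions matter: is the *running* kernel older
# than the fixed build, and is either affected code path compiled in.

FIXED_KERNEL="3.10.0-327.36.2.el7"   # from the package list above

# kver_ge A B: return 0 if kernel release A is >= B.
# The distro suffix (".el7", ".el7.x86_64") is dropped and the remaining
# dot/dash separated fields are compared numerically, left to right.
kver_ge() {
    a=$(printf '%s' "$1" | sed -e 's/\.el[0-9][0-9]*.*$//' -e 's/[.-]/ /g')
    b=$(printf '%s' "$2" | sed -e 's/\.el[0-9][0-9]*.*$//' -e 's/[.-]/ /g')
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%% *}; if [ "$x" = "$a" ]; then a=''; else a=${a#* }; fi
        y=${b%% *}; if [ "$y" = "$b" ]; then b=''; else b=${b#* }; fi
        x=${x:-0}; y=${y:-0}          # missing trailing fields count as 0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0                          # all fields equal
}

# has_affected_paths CONFIG_TEXT: return 0 if the kernel config enables
# 802.1Q VLAN or VXLAN (built in or module), the two paths the advisory names.
has_affected_paths() {
    printf '%s\n' "$1" | grep -Eq '^CONFIG_(VLAN_8021Q|VXLAN)=[ym]$'
}

# needs_update CONFIG_TEXT RUNNING_RELEASE: return 0 when the host is exposed,
# i.e. an affected path is built and the running kernel predates the fix.
needs_update() {
    has_affected_paths "$1" && ! kver_ge "$2" "$FIXED_KERNEL"
}

# Constructed sample config (a real check reads /boot/config-$(uname -r)).
SAMPLE_CONFIG='CONFIG_NET=y
CONFIG_VLAN_8021Q=m
# CONFIG_VXLAN is not set'

# report RELEASE CONFIG_TEXT: human-readable verdict for one kernel.
report() {
    if needs_update "$2" "$1"; then
        printf '%s: exposed, install kernel-%s and reboot\n' "$1" "$FIXED_KERNEL"
    else
        printf '%s: not exposed to CVE-2016-7039 via this advisory\n' "$1"
    fi
}

# Stand-alone run: the constructed sample, then the live host if it is Linux.
report "3.10.0-327.28.3.el7.x86_64" "$SAMPLE_CONFIG"
if [ "$(uname -s 2>/dev/null)" = Linux ] && [ -r "/boot/config-$(uname -r)" ]; then
    report "$(uname -r)" "$(cat "/boot/config-$(uname -r)")"
fi
```

The check deliberately reads the running release rather than "rpm -q kernel": the advisory states that the system must be rebooted for the update to take effect, so a host with the fixed package installed but the old kernel still booted is still exposed.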
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX/B/DXlSAg2UNWIIRAnxIAJ0caImbU/keEpfj+NLwG1ot88xhGACfTWv7
Ugflv6ud+f6nUaE93AOd2qQ=
=kTSD
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 12 18:22:07 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 12 Oct 2016 18:22:07 +0000
Subject: [RHSA-2016:2057-01] Critical: flash-plugin security update
Message-ID: <201610121822.u9CIM7fA020879@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:2057-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2057.html
Issue date: 2016-10-12
CVE Names: CVE-2016-4273 CVE-2016-4286 CVE-2016-6981 CVE-2016-6982 CVE-2016-6983 CVE-2016-6984 CVE-2016-6985 CVE-2016-6986 CVE-2016-6987 CVE-2016-6989 CVE-2016-6990 CVE-2016-6992
=====================================================================

1. Summary:

An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.
This update upgrades Flash Player to version 11.2.202.637.

Security Fix(es):

* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1383931 - CVE-2016-4273 CVE-2016-4286 CVE-2016-6981 CVE-2016-6982 CVE-2016-6983 CVE-2016-6984 CVE-2016-6985 CVE-2016-6986 CVE-2016-6987 CVE-2016-6989 CVE-2016-6990 CVE-2016-6992 flash-plugin: multiple code execution issues fixed in APSB16-32

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm

x86_64:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm

x86_64:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm

x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm

x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm

x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4273
https://access.redhat.com/security/cve/CVE-2016-4286
https://access.redhat.com/security/cve/CVE-2016-6981
https://access.redhat.com/security/cve/CVE-2016-6982
https://access.redhat.com/security/cve/CVE-2016-6983
https://access.redhat.com/security/cve/CVE-2016-6984
https://access.redhat.com/security/cve/CVE-2016-6985
https://access.redhat.com/security/cve/CVE-2016-6986
https://access.redhat.com/security/cve/CVE-2016-6987
https://access.redhat.com/security/cve/CVE-2016-6989
https://access.redhat.com/security/cve/CVE-2016-6990
https://access.redhat.com/security/cve/CVE-2016-6992
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-32.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX/n7xXlSAg2UNWIIRAsVXAJwL/4ZCoClD7cAvqvPN13L7ccpYNQCgogk5
6UAFhMbkHmPLVjTeEA1eCe8=
=qe9H
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 13 20:08:46 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 13 Oct 2016 20:08:46 +0000
Subject: [RHSA-2016:2058-01] Important: mariadb-galera security update
Message-ID: <201610132008.u9DK8kqf009672@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: mariadb-galera security update
Advisory ID: RHSA-2016:2058-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2058.html
Issue date: 2016-10-13
CVE Names: CVE-2016-6662
=====================================================================

1.
Summary:

An update for mariadb-galera is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB.

Security Fix(es):

* It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6:

Source: mariadb-galera-5.5.42-1.1.el6ost.src.rpm

x86_64:
mariadb-galera-common-5.5.42-1.1.el6ost.x86_64.rpm
mariadb-galera-debuginfo-5.5.42-1.1.el6ost.x86_64.rpm
mariadb-galera-server-5.5.42-1.1.el6ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-6662
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX/+m+XlSAg2UNWIIRAhyMAJ9DsXCln7YBsiC07myChizET4FqVACdHjRK
qwCGSv6ibpsND+rJuAOK+FQ=
=6CBH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 13 20:09:13 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 13 Oct 2016 20:09:13 +0000
Subject: [RHSA-2016:2059-01] Important: mariadb-galera security and bug fix update
Message-ID: <201610132009.u9DK9ELC012095@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: mariadb-galera security and bug fix update
Advisory ID: RHSA-2016:2059-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2059.html
Issue date: 2016-10-13
CVE Names: CVE-2016-6662
=====================================================================

1. Summary:

An update for mariadb-galera is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB.
Security Fix(es):

* It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)

Bug Fix(es):

* Because Red Hat Enterprise Linux 7.3 changed the return format of the "systemctl is-enabled" command as consumed by shell scripts, the mariadb-galera RPM package, upon installation, erroneously detected that the MariaDB service was enabled when it was not. As a result, the Red Hat OpenStack Platform installer, which then tried to run mariadb-galera using Pacemaker and not systemd, failed to start Galera. With this update, mariadb-galera's RPM installation scripts now use a different systemctl command, correctly detecting the default MariaDB as disabled, and the installer can succeed. (BZ#1376908)

* Previously, both the mariadb-server and mariadb-galera-server packages shipped the client-facing libraries, dialog.so and mysql_clear_password.so. As a result, the mariadb-galera-server package would fail to install because of package conflicts. With this update, these libraries have been moved from mariadb-galera-server to mariadb-libs, and the mariadb-galera-server package installs successfully. (BZ#1376902)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation
1376902 - RHEL 7.3 upgrades fails on upgrade because of mariadb-libs package conflict.
1376908 - mysqld service prevents haproxy to get started and deployment fails

6.
Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7:

Source: mariadb-galera-5.5.42-1.2.el7ost.src.rpm

x86_64:
mariadb-galera-common-5.5.42-1.2.el7ost.x86_64.rpm
mariadb-galera-debuginfo-5.5.42-1.2.el7ost.x86_64.rpm
mariadb-galera-server-5.5.42-1.2.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6662
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX/+ncXlSAg2UNWIIRAjDHAJ9pQ8o9rq4RJ1X10ucF9ZV7ZNAtNQCfY+ue
VoMtEE5l2Wp00bPtZcTFdJ0=
=ReLe
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 13 20:09:39 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 13 Oct 2016 20:09:39 +0000
Subject: [RHSA-2016:2060-01] Important: mariadb-galera security and bug fix update
Message-ID: <201610132009.u9DK9erU012384@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: mariadb-galera security and bug fix update
Advisory ID: RHSA-2016:2060-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2060.html
Issue date: 2016-10-13
CVE Names: CVE-2016-6662
=====================================================================

1. Summary:

An update for mariadb-galera is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 - x86_64 3. Description: MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. Security Fix(es): * It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662) Bug Fix(es): * Because Red Hat Enterprise Linux 7.3 changed the return format of the "systemctl is-enabled" command as consumed by shell scripts, the mariadb-galera RPM package, upon installation, erroneously detected that the MariaDB service was enabled when it was not. As a result, the Red Hat OpenStack Platform installer, which then tried to run mariadb-galera using Pacemaker and not systemd, failed to start Galera. With this update, mariadb-galera's RPM installation scripts now use a different systemctl command, correctly detecting the default MariaDB as disabled, and the installer can succeed. (BZ#1376909) * Previously, both the mariadb-server and mariadb-galera-server packages shipped the client-facing libraries, dialog.so and mysql_clear_password.so. As a result, the mariadb-galera-server package would fail to install because of package conflicts. With this update, these libraries have been moved from mariadb-galera-server to mariadb-libs, and the mariadb-galera-server package installs successfully. (BZ#1376903) 4. 
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation 1376903 - RHEL 7.3 upgrades fails on upgrade because of mariadb-libs package conflict. 1376909 - mysqld service prevents haproxy to get started and deployment fails 6. Package List: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7: Source: mariadb-galera-5.5.42-1.2.el7ost.src.rpm x86_64: mariadb-galera-common-5.5.42-1.2.el7ost.x86_64.rpm mariadb-galera-debuginfo-5.5.42-1.2.el7ost.x86_64.rpm mariadb-galera-server-5.5.42-1.2.el7ost.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-6662 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/cve/CVE-2016-6662 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
From: bugzilla at redhat.com
Date: Thu, 13 Oct 2016 20:10:46 +0000
Subject: [RHSA-2016:2061-01] Important: mariadb-galera security and bug fix update

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb-galera security and bug fix update
Advisory ID:       RHSA-2016:2061-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2061.html
Issue date:        2016-10-13
CVE Names:         CVE-2016-6662
=====================================================================

1. Summary:

An update for mariadb-galera is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB.

Security Fix(es):

* It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)

Bug Fix(es):

* Previously, both the mariadb-server and mariadb-galera-server packages shipped the client-facing libraries, dialog.so and mysql_clear_password.so. As a result, the mariadb-galera-server package would fail to install because of package conflicts. With this update, these libraries have been moved from mariadb-galera-server to mariadb-libs, and the mariadb-galera-server package installs successfully. (BZ#1376904)

* Because Red Hat Enterprise Linux 7.3 changed the return format of the "systemctl is-enabled" command as consumed by shell scripts, the mariadb-galera RPM package, upon installation, erroneously detected that the MariaDB service was enabled when it was not. As a result, the Red Hat OpenStack Platform installer, which then tried to run mariadb-galera using Pacemaker and not systemd, failed to start Galera. With this update, mariadb-galera's RPM installation scripts now use a different systemctl command, correctly detecting the default MariaDB as disabled, and the installer can succeed. (BZ#1376910)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation
1376904 - RHEL 7.3 upgrades fails on upgrade because of mariadb-libs package conflict.
1376910 - mysqld service prevents haproxy to get started and deployment fails

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7:

Source:
mariadb-galera-5.5.42-5.el7ost.src.rpm

x86_64:
mariadb-galera-common-5.5.42-5.el7ost.x86_64.rpm
mariadb-galera-debuginfo-5.5.42-5.el7ost.x86_64.rpm
mariadb-galera-server-5.5.42-5.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6662
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.


From: bugzilla at redhat.com
Date: Thu, 13 Oct 2016 20:15:03 +0000
Subject: [RHSA-2016:2062-01] Important: mariadb-galera security update

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb-galera security update
Advisory ID:       RHSA-2016:2062-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2062.html
Issue date:        2016-10-13
CVE Names:         CVE-2016-6662
=====================================================================

1. Summary:

An update for mariadb-galera is now available for Red Hat OpenStack Platform 9.0 (Mitaka).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 9.0 - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB.

Security Fix(es):

* A permissions flaw was discovered in the MySQL logging functionality, which allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly exploit this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation

6. Package List:

Red Hat OpenStack Platform 9.0:

Source:
mariadb-galera-5.5.42-5.el7ost.src.rpm

x86_64:
mariadb-galera-common-5.5.42-5.el7ost.x86_64.rpm
mariadb-galera-debuginfo-5.5.42-5.el7ost.x86_64.rpm
mariadb-galera-server-5.5.42-5.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6662
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
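The mariadb-galera advisories above all fix the same CVE-2016-6662 issue class: a server log destination that lands on a configuration file the server later reads as root. The audit below is an added example, not code from the advisories, Red Hat or MariaDB; it assumes the RHEL-style config directories listed, the real server variable names general_log_file, slow_query_log_file, log_error and datadir, and a constructed service uid/gid of 27. Applying the update is the fix; this check only confirms that log targets and config-file ownership give a coerced server process nothing to rewrite.

```python
"""Audit for the CVE-2016-6662 issue class: log files that resolve to a
configuration path, and config files the database service account could
rewrite. Added example (not advisory, Red Hat or MariaDB code); the
directory list and the service uid/gid are assumptions for a RHEL layout.
"""
import os
import stat
from typing import Dict, Iterable, List

# Directories the server reads my.cnf-style configuration from (assumed
# defaults for the RHEL packages; adjust to the deployment).
CONFIG_DIRS = ("/etc", "/etc/my.cnf.d", "/etc/mysql")

# Server variables that name a file the running server appends to.
LOG_FILE_VARIABLES = ("general_log_file", "slow_query_log_file", "log_error")


def looks_like_config(path: str) -> bool:
    """True if a path would be parsed as configuration by the server."""
    norm = os.path.normpath(path)
    if norm.endswith(".cnf"):          # my.cnf, .my.cnf, /etc/my.cnf.d/*.cnf
        return True
    return any(norm.startswith(d.rstrip("/") + "/") for d in CONFIG_DIRS)


def resolve_log_path(value: str, datadir: str) -> str:
    """The server resolves a relative log file name against datadir."""
    full = value if os.path.isabs(value) else os.path.join(datadir, value)
    return os.path.normpath(full)


def audit_log_targets(variables: Dict[str, str]) -> List[str]:
    """One finding per log-related variable that points at a config path.

    `variables` is the name -> value mapping that SHOW GLOBAL VARIABLES
    returns; feed the live values from the server in production.
    """
    datadir = variables.get("datadir", "/var/lib/mysql")
    findings = []
    for name in LOG_FILE_VARIABLES:
        value = variables.get(name, "")
        if not value:
            continue
        resolved = resolve_log_path(value, datadir)
        if looks_like_config(resolved):
            findings.append(f"{name} points at configuration path {resolved}")
    return findings


def audit_config_mode(st_mode: int, st_uid: int, st_gid: int,
                      service_uid: int, service_gid: int) -> List[str]:
    """Check one config file's stat() fields against the service account.

    A config file must be owned by root and must not be writable by the
    database service account through any bit, so a server process that is
    coerced into writing a file cannot turn that into a rewritten my.cnf.
    """
    findings = []
    if st_uid != 0:
        findings.append("not owned by root")
    if st_uid == service_uid and st_mode & stat.S_IWUSR:
        findings.append("writable by service account (owner bit)")
    if st_gid == service_gid and st_mode & stat.S_IWGRP:
        findings.append("writable by service account (group bit)")
    if st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings


def audit_config_files(paths: Iterable[str], service_uid: int,
                       service_gid: int) -> Dict[str, List[str]]:
    """stat() each existing config file and collect its findings."""
    report = {}
    for path in paths:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            continue
        findings = audit_config_mode(st.st_mode, st.st_uid, st.st_gid,
                                     service_uid, service_gid)
        if findings:
            report[path] = findings
    return report


if __name__ == "__main__":
    # Constructed sample: what SHOW GLOBAL VARIABLES might report on a host
    # whose general log has been redirected into the config include directory.
    sample_vars = {
        "datadir": "/var/lib/mysql/",
        "general_log_file": "/etc/my.cnf.d/server.cnf",
        "slow_query_log_file": "host-slow.log",
        "log_error": "/var/log/mariadb/mariadb.log",
    }
    for line in audit_log_targets(sample_vars):
        print("FINDING:", line)
    # Constructed stat() values: root-owned 0644 (clean) versus a file owned
    # by the service account (uid/gid 27 is an assumption) with mode 0644.
    print(audit_config_mode(0o100644, 0, 0, 27, 27))
    print(audit_config_mode(0o100644, 27, 27, 27, 27))
    print(audit_config_files(["/etc/my.cnf", "/etc/my.cnf.d/server.cnf"], 27, 27))
```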
From: bugzilla at redhat.com
Date: Mon, 17 Oct 2016 09:03:54 +0000
Subject: [RHSA-2016:2067-01] Important: chromium-browser security update

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2016:2067-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2067.html
Issue date:        2016-10-17
CVE Names:         CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192 CVE-2016-5193 CVE-2016-5194
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 54.0.2840.59.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-5187, CVE-2016-5194, CVE-2016-5186, CVE-2016-5188, CVE-2016-5189, CVE-2016-5190, CVE-2016-5191, CVE-2016-5192, CVE-2016-5193)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1384347 - CVE-2016-5181 chromium-browser: universal xss in blink
1384348 - CVE-2016-5182 chromium-browser: heap overflow in blink
1384349 - CVE-2016-5183 chromium-browser: use after free in pdfium
1384350 - CVE-2016-5184 chromium-browser: use after free in pdfium
1384352 - CVE-2016-5185 chromium-browser: use after free in blink
1384354 - CVE-2016-5187 chromium-browser: url spoofing
1384355 - CVE-2016-5188 chromium-browser: ui spoofing
1384357 - CVE-2016-5192 chromium-browser: cross-origin bypass in blink
1384358 - CVE-2016-5189 chromium-browser: url spoofing
1384360 - CVE-2016-5186 chromium-browser: out of bounds read in devtools
1384361 - CVE-2016-5191 chromium-browser: universal xss in bookmarks
1384362 - CVE-2016-5190 chromium-browser: use after free in internals
1384364 - CVE-2016-5193 chromium-browser: scheme bypass
1384365 - CVE-2016-5194 chromium-browser: various fixes from internal audits

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-54.0.2840.59-1.el6.i686.rpm
chromium-browser-debuginfo-54.0.2840.59-1.el6.i686.rpm

x86_64:
chromium-browser-54.0.2840.59-1.el6.x86_64.rpm
chromium-browser-debuginfo-54.0.2840.59-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-54.0.2840.59-1.el6.i686.rpm
chromium-browser-debuginfo-54.0.2840.59-1.el6.i686.rpm

x86_64:
chromium-browser-54.0.2840.59-1.el6.x86_64.rpm
chromium-browser-debuginfo-54.0.2840.59-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-54.0.2840.59-1.el6.i686.rpm
chromium-browser-debuginfo-54.0.2840.59-1.el6.i686.rpm

x86_64:
chromium-browser-54.0.2840.59-1.el6.x86_64.rpm
chromium-browser-debuginfo-54.0.2840.59-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5181
https://access.redhat.com/security/cve/CVE-2016-5182
https://access.redhat.com/security/cve/CVE-2016-5183
https://access.redhat.com/security/cve/CVE-2016-5184
https://access.redhat.com/security/cve/CVE-2016-5185
https://access.redhat.com/security/cve/CVE-2016-5186
https://access.redhat.com/security/cve/CVE-2016-5187
https://access.redhat.com/security/cve/CVE-2016-5188
https://access.redhat.com/security/cve/CVE-2016-5189
https://access.redhat.com/security/cve/CVE-2016-5190
https://access.redhat.com/security/cve/CVE-2016-5191
https://access.redhat.com/security/cve/CVE-2016-5192
https://access.redhat.com/security/cve/CVE-2016-5193
https://access.redhat.com/security/cve/CVE-2016-5194
https://access.redhat.com/security/updates/classification/#important
https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From: bugzilla at redhat.com
Date: Mon, 17 Oct 2016 17:29:34 +0000
Subject: [RHSA-2016:2064-01] Important: atomic-openshift security update

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: atomic-openshift security update
Advisory ID:       RHSA-2016:2064-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:2064
Issue date:        2016-10-17
CVE Names:         CVE-2016-7075
=====================================================================

1. Summary:

An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.1, 3.2, and 3.3.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 3.3 - x86_64
Red Hat OpenShift Enterprise 3.1 - x86_64
Red Hat OpenShift Enterprise 3.2 - x86_64

3. Description:

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Security Fix(es):

* It was found that Kubernetes did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate. (CVE-2016-7075)

This advisory contains the RPM packages for this release. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2016:2065

All OpenShift Container Platform 3 users are advised to upgrade to these updated images.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To apply this update, see the following cluster upgrade documentation that relates to your installed version of OpenShift Container Platform.

For OpenShift Container Platform 3.3:
https://docs.openshift.com/container-platform/3.3/install_config/upgrading/automated_upgrades.html#upgrading-to-ocp-3-3-asynchronous-releases

For OpenShift Container Platform 3.2:
https://docs.openshift.com/enterprise/3.2/install_config/upgrading/automated_upgrades.html#upgrading-to-openshift-enterprise-3-2-asynchronous-releases

For OpenShift Container Platform 3.1:
https://docs.openshift.com/enterprise/3.1/install_config/upgrading/automated_upgrades.html#upgrading-to-openshift-enterprise-3-1-asynchronous-releases

5. Bugs fixed (https://bugzilla.redhat.com/):

1384112 - CVE-2016-7075 OpenShift 3: API server does not validate client-provided intermediate certificates correctly

6. Package List:

Red Hat OpenShift Enterprise 3.1:

Source:
atomic-openshift-3.1.1.8-1.git.0.d469026.el7aos.src.rpm

x86_64:
atomic-openshift-3.1.1.8-1.git.0.d469026.el7aos.x86_64.rpm
atomic-openshift-clients-3.1.1.8-1.git.0.d469026.el7aos.x86_64.rpm
atomic-openshift-clients-redistributable-3.1.1.8-1.git.0.d469026.el7aos.x86_64.rpm
atomic-openshift-dockerregistry-3.1.1.8-1.git.0.d469026.el7aos.x86_64.rpm
atomic-openshift-master-3.1.1.8-1.git.0.d469026.el7aos.x86_64.rpm
atomic-openshift-node-3.1.1.8-1.git.0.d469026.el7aos.x86_64.rpm
atomic-openshift-pod-3.1.1.8-1.git.0.d469026.el7aos.x86_64.rpm
atomic-openshift-recycle-3.1.1.8-1.git.0.d469026.el7aos.x86_64.rpm
atomic-openshift-sdn-ovs-3.1.1.8-1.git.0.d469026.el7aos.x86_64.rpm
tuned-profiles-atomic-openshift-node-3.1.1.8-1.git.0.d469026.el7aos.x86_64.rpm

Red Hat OpenShift Enterprise 3.2:

Source:
atomic-openshift-3.2.1.17-1.git.0.6d01b60.el7.src.rpm

x86_64:
atomic-openshift-3.2.1.17-1.git.0.6d01b60.el7.x86_64.rpm
atomic-openshift-clients-3.2.1.17-1.git.0.6d01b60.el7.x86_64.rpm
atomic-openshift-clients-redistributable-3.2.1.17-1.git.0.6d01b60.el7.x86_64.rpm
atomic-openshift-dockerregistry-3.2.1.17-1.git.0.6d01b60.el7.x86_64.rpm
atomic-openshift-master-3.2.1.17-1.git.0.6d01b60.el7.x86_64.rpm
atomic-openshift-node-3.2.1.17-1.git.0.6d01b60.el7.x86_64.rpm
atomic-openshift-pod-3.2.1.17-1.git.0.6d01b60.el7.x86_64.rpm
atomic-openshift-recycle-3.2.1.17-1.git.0.6d01b60.el7.x86_64.rpm
atomic-openshift-sdn-ovs-3.2.1.17-1.git.0.6d01b60.el7.x86_64.rpm
atomic-openshift-tests-3.2.1.17-1.git.0.6d01b60.el7.x86_64.rpm
tuned-profiles-atomic-openshift-node-3.2.1.17-1.git.0.6d01b60.el7.x86_64.rpm

Red Hat OpenShift Container Platform 3.3:

Source:
atomic-openshift-3.3.0.35-1.git.0.d7bd9b6.el7.src.rpm

x86_64:
atomic-openshift-3.3.0.35-1.git.0.d7bd9b6.el7.x86_64.rpm
atomic-openshift-clients-3.3.0.35-1.git.0.d7bd9b6.el7.x86_64.rpm
atomic-openshift-clients-redistributable-3.3.0.35-1.git.0.d7bd9b6.el7.x86_64.rpm
atomic-openshift-dockerregistry-3.3.0.35-1.git.0.d7bd9b6.el7.x86_64.rpm
atomic-openshift-master-3.3.0.35-1.git.0.d7bd9b6.el7.x86_64.rpm
atomic-openshift-node-3.3.0.35-1.git.0.d7bd9b6.el7.x86_64.rpm
atomic-openshift-pod-3.3.0.35-1.git.0.d7bd9b6.el7.x86_64.rpm
atomic-openshift-sdn-ovs-3.3.0.35-1.git.0.d7bd9b6.el7.x86_64.rpm
atomic-openshift-tests-3.3.0.35-1.git.0.d7bd9b6.el7.x86_64.rpm
tuned-profiles-atomic-openshift-node-3.3.0.35-1.git.0.d7bd9b6.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7075
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.


From: bugzilla at redhat.com
Date: Tue, 18 Oct 2016 07:19:58 +0000
Subject: [RHSA-2016:2073-01] Important: openssl security update

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openssl security update
Advisory ID:       RHSA-2016:2073-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2073.html
Issue date:        2016-10-18
CVE Names:         CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842
=====================================================================

1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)

* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)

* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)

* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)

* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions
1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds
1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data
1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder
1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check
1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow
1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
openssl-1.0.1e-42.el6_7.5.src.rpm

x86_64:
openssl-1.0.1e-42.el6_7.5.i686.rpm
openssl-1.0.1e-42.el6_7.5.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el6_7.5.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
openssl-debuginfo-1.0.1e-42.el6_7.5.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.5.x86_64.rpm
openssl-devel-1.0.1e-42.el6_7.5.i686.rpm
openssl-devel-1.0.1e-42.el6_7.5.x86_64.rpm
openssl-perl-1.0.1e-42.el6_7.5.x86_64.rpm
openssl-static-1.0.1e-42.el6_7.5.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
openssl-1.0.1e-42.el6_7.5.src.rpm

i386:
openssl-1.0.1e-42.el6_7.5.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.5.i686.rpm
openssl-devel-1.0.1e-42.el6_7.5.i686.rpm

ppc64:
openssl-1.0.1e-42.el6_7.5.ppc.rpm
openssl-1.0.1e-42.el6_7.5.ppc64.rpm
openssl-debuginfo-1.0.1e-42.el6_7.5.ppc.rpm
openssl-debuginfo-1.0.1e-42.el6_7.5.ppc64.rpm
openssl-devel-1.0.1e-42.el6_7.5.ppc.rpm
openssl-devel-1.0.1e-42.el6_7.5.ppc64.rpm

s390x:
openssl-1.0.1e-42.el6_7.5.s390.rpm
openssl-1.0.1e-42.el6_7.5.s390x.rpm
openssl-debuginfo-1.0.1e-42.el6_7.5.s390.rpm
openssl-debuginfo-1.0.1e-42.el6_7.5.s390x.rpm
openssl-devel-1.0.1e-42.el6_7.5.s390.rpm
openssl-devel-1.0.1e-42.el6_7.5.s390x.rpm

x86_64:
openssl-1.0.1e-42.el6_7.5.i686.rpm
openssl-1.0.1e-42.el6_7.5.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el6_7.5.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.5.x86_64.rpm
openssl-devel-1.0.1e-42.el6_7.5.i686.rpm
openssl-devel-1.0.1e-42.el6_7.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

i386:
openssl-debuginfo-1.0.1e-42.el6_7.5.i686.rpm
openssl-perl-1.0.1e-42.el6_7.5.i686.rpm
openssl-static-1.0.1e-42.el6_7.5.i686.rpm

ppc64:
openssl-debuginfo-1.0.1e-42.el6_7.5.ppc64.rpm
openssl-perl-1.0.1e-42.el6_7.5.ppc64.rpm
openssl-static-1.0.1e-42.el6_7.5.ppc64.rpm

s390x:
openssl-debuginfo-1.0.1e-42.el6_7.5.s390x.rpm
openssl-perl-1.0.1e-42.el6_7.5.s390x.rpm
openssl-static-1.0.1e-42.el6_7.5.s390x.rpm

x86_64:
openssl-debuginfo-1.0.1e-42.el6_7.5.x86_64.rpm
openssl-perl-1.0.1e-42.el6_7.5.x86_64.rpm
openssl-static-1.0.1e-42.el6_7.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0799
https://access.redhat.com/security/cve/CVE-2016-2105
https://access.redhat.com/security/cve/CVE-2016-2106
https://access.redhat.com/security/cve/CVE-2016-2107
https://access.redhat.com/security/cve/CVE-2016-2108
https://access.redhat.com/security/cve/CVE-2016-2109
https://access.redhat.com/security/cve/CVE-2016-2842
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.


From: bugzilla at redhat.com
Date: Tue, 18 Oct 2016 12:36:59 +0000
Subject: [RHSA-2016:2074-01] Important: kernel security and bug fix update

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2016:2074-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2074.html
Issue date:        2016-10-18
CVE Names:         CVE-2016-4470
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.5) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to an arbitrary free address, which could allow an attacker to carry out a use-after-free style attack. (CVE-2016-4470, Important)

This issue was discovered by David Howells (Red Hat Inc.).

Bug Fix(es):

* Previously, the BUG_ON() signal appeared in the fs_clear_inode() function where the nfs_have_writebacks() function reported a positive value for nfs_inode->npages. As a consequence, a kernel panic occurred. This update performs a serialization by holding the inode i_lock over the check of PagePrivate and locking the request, which fixes this bug. (BZ#1365161)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
kernel-2.6.32-431.74.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.74.1.el6.noarch.rpm
kernel-doc-2.6.32-431.74.1.el6.noarch.rpm
kernel-firmware-2.6.32-431.74.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-431.74.1.el6.x86_64.rpm
kernel-debug-2.6.32-431.74.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.74.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.74.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.74.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.74.1.el6.x86_64.rpm
kernel-devel-2.6.32-431.74.1.el6.x86_64.rpm
kernel-headers-2.6.32-431.74.1.el6.x86_64.rpm
perf-2.6.32-431.74.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.74.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.74.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source:
kernel-2.6.32-431.74.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.74.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.74.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.74.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.74.1.el6.x86_64.rpm
python-perf-2.6.32-431.74.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.74.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4470
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYBhdjXlSAg2UNWIIRAnpWAJ9NRaG6vPT/Ho3uI1EDLM2fltIprwCgieF5
MjfOEuCjgCA0fyy5qfiXIIs=
=3r6r
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 18 18:42:38 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 18 Oct 2016 18:42:38 +0000
Subject: [RHSA-2016:2076-01] Important: kernel security update
Message-ID: <201610181842.u9IIgeXh028253@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2016:2076-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2076.html
Issue date: 2016-10-18
CVE Names: CVE-2016-4470
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to an arbitrary free address, which could allow an attacker to mount a use-after-free style attack. (CVE-2016-4470, Important)

This issue was discovered by David Howells (Red Hat Inc.).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
kernel-2.6.32-573.35.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.35.1.el6.noarch.rpm
kernel-doc-2.6.32-573.35.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.35.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.35.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.35.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.35.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.35.1.el6.x86_64.rpm
perf-2.6.32-573.35.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
kernel-debug-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.35.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
python-perf-2.6.32-573.35.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
kernel-2.6.32-573.35.1.el6.src.rpm

i386:
kernel-2.6.32-573.35.1.el6.i686.rpm
kernel-debug-2.6.32-573.35.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.35.1.el6.i686.rpm
kernel-devel-2.6.32-573.35.1.el6.i686.rpm
kernel-headers-2.6.32-573.35.1.el6.i686.rpm
perf-2.6.32-573.35.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.35.1.el6.noarch.rpm
kernel-doc-2.6.32-573.35.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.35.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-573.35.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-573.35.1.el6.ppc64.rpm
kernel-debug-2.6.32-573.35.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-573.35.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.35.1.el6.ppc64.rpm
kernel-devel-2.6.32-573.35.1.el6.ppc64.rpm
kernel-headers-2.6.32-573.35.1.el6.ppc64.rpm
perf-2.6.32-573.35.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-573.35.1.el6.s390x.rpm
kernel-debug-2.6.32-573.35.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-573.35.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.35.1.el6.s390x.rpm
kernel-devel-2.6.32-573.35.1.el6.s390x.rpm
kernel-headers-2.6.32-573.35.1.el6.s390x.rpm
kernel-kdump-2.6.32-573.35.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-573.35.1.el6.s390x.rpm
perf-2.6.32-573.35.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.35.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.35.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.35.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.35.1.el6.x86_64.rpm
perf-2.6.32-573.35.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

i386:
kernel-debug-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.35.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm
python-perf-2.6.32-573.35.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.35.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm
python-perf-2.6.32-573.35.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.35.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
python-perf-2.6.32-573.35.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.35.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
python-perf-2.6.32-573.35.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4470
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYBmzyXlSAg2UNWIIRAmMAAJwJ9jVdz3i/NG5+eL+yTpGTopxIwgCeLTwc
8HqGcTiiy71cGkJ2URvuecU=
=iAGx
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 18 23:21:08 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 18 Oct 2016 23:21:08 +0000
Subject: [RHSA-2016:2077-01] Important: mariadb-galera security and bug fix update
Message-ID: <201610182321.u9INL8mn029325@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: mariadb-galera security and bug fix update
Advisory ID: RHSA-2016:2077-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2077.html
Issue date: 2016-10-18
CVE Names: CVE-2016-6662
=====================================================================

1. Summary:

An update for mariadb-galera is now available for Red Hat OpenStack Platform 8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 8.0 (Liberty) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB.

Security Fix(es):

* It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)

Bug Fix(es):

* Previously, both the mariadb-server and mariadb-galera-server packages shipped the client-facing libraries, dialog.so and mysql_clear_password.so. As a result, the mariadb-galera-server package would fail to install because of package conflicts. With this update, these libraries have been moved from mariadb-galera-server to mariadb-libs, and the mariadb-galera-server package installs successfully. (BZ#1376905)

* Because Red Hat Enterprise Linux 7.3 changed the return format of the "systemctl is-enabled" command as consumed by shell scripts, the mariadb-galera RPM package, upon installation, erroneously detected that the MariaDB service was enabled when it was not. As a result, the Red Hat OpenStack Platform installer, which then tried to run mariadb-galera using Pacemaker and not systemd, failed to start Galera. With this update, mariadb-galera's RPM installation scripts now use a different systemctl command, correctly detecting the default MariaDB as disabled, and the installer can succeed. (BZ#1376913)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation
1376905 - RHEL 7.3 upgrades fails on upgrade because of mariadb-libs package conflict.
1376913 - mysqld service prevents haproxy to get started and deployment fails

6. Package List:

Red Hat OpenStack Platform 8.0 (Liberty):

Source:
mariadb-galera-5.5.42-5.el7ost.src.rpm

x86_64:
mariadb-galera-common-5.5.42-5.el7ost.x86_64.rpm
mariadb-galera-debuginfo-5.5.42-5.el7ost.x86_64.rpm
mariadb-galera-server-5.5.42-5.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6662
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYBq1eXlSAg2UNWIIRAmr5AJ9AWePw3YccrB9TgZStHXDHXjQn1QCgtB+/
+DEO6KMrjg4zkHxA1F5ogpE=
=MhHu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 19 15:09:05 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 19 Oct 2016 15:09:05 +0000
Subject: [RHSA-2016:2079-01] Critical: java-1.8.0-openjdk security update
Message-ID: <201610191509.u9JF951d026458@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.8.0-openjdk security update
Advisory ID: RHSA-2016:2079-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2079.html
Issue date: 2016-10-19
CVE Names: CVE-2016-5542 CVE-2016-5554 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt the virtual machine's memory and completely bypass Java sandbox restrictions. (CVE-2016-5582)

* It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make the victim's browser send HTTP requests to the JDWP port of the debugged application. (CVE-2016-5573)

* It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify the content of a Jar file that used a weak signing key or hash algorithm. (CVE-2016-5542)

Note: After this update, the MD2 hash algorithm and RSA keys with fewer than 1024 bits are no longer allowed to be used for Jar integrity verification by default. The MD5 hash algorithm is expected to be disabled by default in future updates. A newly introduced security property, jdk.jar.disabledAlgorithms, can be used to control the set of disabled algorithms.

* A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554)

* A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if the proxy asked for authentication. (CVE-2016-5597)

Note: After this update, Basic HTTP proxy authentication can no longer be used when tunneling an HTTPS connection through an HTTP proxy. The newly introduced system properties jdk.http.auth.proxying.disabledSchemes and jdk.http.auth.tunneling.disabledSchemes can be used to control which authentication schemes can be requested by an HTTP proxy when proxying HTTP and HTTPS connections, respectively.

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1385402 - CVE-2016-5582 OpenJDK: incomplete type checks of System.arraycopy arguments (Hotspot, 8160591)
1385544 - CVE-2016-5573 OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
1385714 - CVE-2016-5554 OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)
1385723 - CVE-2016-5542 OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)
1386103 - CVE-2016-5597 OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.111-0.b15.el6_8.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.111-0.b15.el6_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-src-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.111-0.b15.el6_8.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.111-0.b15.el6_8.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.111-0.b15.el6_8.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.111-0.b15.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.111-0.b15.el6_8.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.111-0.b15.el6_8.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.111-0.b15.el6_8.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.111-0.b15.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-src-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.111-0.b15.el6_8.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.111-0.b15.el6_8.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.111-0.b15.el6_8.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.111-0.b15.el6_8.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.111-0.b15.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-src-1.8.0.111-0.b15.el6_8.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.111-0.b15.el6_8.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.111-0.b15.el6_8.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.111-0.b15.el6_8.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.111-0.b15.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.111-1.b15.el7_2.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.111-1.b15.el7_2.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.111-1.b15.el7_2.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.111-1.b15.el7_2.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.src.rpm

ppc64:
java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.ppc64.rpm
java-1.8.0-openjdk-devel-1.8.0.111-1.b15.el7_2.ppc64.rpm
java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.ppc64.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.111-1.b15.el7_2.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.ppc64le.rpm

s390x:
java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.111-1.b15.el7_2.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.s390x.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.111-1.b15.el7_2.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.111-1.b15.el7_2.noarch.rpm

ppc64:
java-1.8.0-openjdk-accessibility-1.8.0.111-1.b15.el7_2.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.ppc64.rpm
java-1.8.0-openjdk-demo-1.8.0.111-1.b15.el7_2.ppc64.rpm
java-1.8.0-openjdk-src-1.8.0.111-1.b15.el7_2.ppc64.rpm

ppc64le:
java-1.8.0-openjdk-accessibility-1.8.0.111-1.b15.el7_2.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.111-1.b15.el7_2.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.111-1.b15.el7_2.ppc64le.rpm

s390x:
java-1.8.0-openjdk-accessibility-1.8.0.111-1.b15.el7_2.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.111-1.b15.el7_2.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.111-1.b15.el7_2.s390x.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.111-1.b15.el7_2.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.111-1.b15.el7_2.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.111-1.b15.el7_2.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5542
https://access.redhat.com/security/cve/CVE-2016-5554
https://access.redhat.com/security/cve/CVE-2016-5573
https://access.redhat.com/security/cve/CVE-2016-5582
https://access.redhat.com/security/cve/CVE-2016-5597
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
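A patch-compliance check against the fixed builds listed in the kernel and OpenJDK advisories above (RHSA-2016:2074, RHSA-2016:2076, RHSA-2016:2079), added here as an example and not Red Hat tooling: it re-implements rpm's version ordering (rpmvercmp) in pure Python so it runs without the rpm bindings, and the "installed" package lists HOST_EL7 and HOST_EL6_AUS are constructed samples in `rpm -q` output format, not real inventories.

```python
"""Patch-compliance check against the package lists in the advisories above
(RHSA-2016:2074, RHSA-2016:2076, RHSA-2016:2079). Added example, not Red Hat
tooling: rpm's version ordering (rpmvercmp) is re-implemented in pure Python."""
import re

FIXED = {  # fixed builds copied from the package lists above; sub-packages share them
    "RHSA-2016:2074": ["kernel-2.6.32-431.74.1.el6.x86_64.rpm"],  # RHEL 6.5 AUS
    "RHSA-2016:2076": ["kernel-2.6.32-573.35.1.el6.x86_64.rpm"],  # RHEL 6.7 EUS
    "RHSA-2016:2079": ["java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.x86_64.rpm",  # RHEL 6
                       "java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.x86_64.rpm"],  # RHEL 7
}
ARCHES = {"noarch", "i386", "i686", "x86_64", "ppc64", "ppc64le", "s390x", "src"}


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1, 0 or 1 for a <, ==, > b. Walks alternating
    numeric/alpha segments; '~' sorts before anything (1.0~rc1 < 1.0) and '^'
    after the bare version but before more segments (1.0 < 1.0^post1 < 1.0.1)."""
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1  # separators never take part in the comparison
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ta, tb = a[i:i + 1] == "~", b[j:j + 1] == "~"
        if ta or tb:  # the side carrying the tilde is the older one
            if ta != tb:
                return -1 if ta else 1
            i, j = i + 1, j + 1
            continue
        ca, cb = a[i:i + 1] == "^", b[j:j + 1] == "^"
        if ca or cb:  # caret: newer than end of string, older than anything else
            if i >= len(a) or j >= len(b):
                return -1 if i >= len(a) else 1
            if ca != cb:
                return -1 if ca else 1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        pat = r"[0-9]+" if isnum else r"[A-Za-z]+"
        sa = re.match(pat, a[i:]).group(0)
        mb = re.match(pat, b[j:])
        sb = mb.group(0) if mb else ""
        i, j = i + len(sa), j + len(sb)
        if not sb:  # segment types differ: the numeric side is the newer one
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):  # more significant digits means bigger
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whoever has segments left over is newer


def parse_nevra(pkg):
    """Split 'name-[epoch:]version-release[.arch][.rpm]' as rpm -q prints it; the
    name may contain dashes (java-1.8.0-openjdk), version and release never do."""
    name, ver, rel = (pkg[:-4] if pkg.endswith(".rpm") else pkg).rsplit("-", 2)
    epoch, ver = ver.split(":", 1) if ":" in ver else ("0", ver)
    head, _, tail = rel.rpartition(".")
    return name, epoch, ver, head if tail in ARCHES else rel


def el_major(rel):
    """RHEL major from the dist tag: '6' for '0.b15.el6_8', None if absent."""
    m = re.search(r"\.el(\d+)", rel)
    return m.group(1) if m else None


def check_host(installed, advisory):
    """Label each installed package the advisory covers (same name, same RHEL
    major) 'patched' or 'vulnerable'; anything else is not reported. For kernels
    only the running one (uname -r) matters; older builds may stay installed."""
    fixed = [parse_nevra(f) for f in FIXED[advisory]]
    report = {}
    for pkg in installed:
        name, epoch, ver, rel = parse_nevra(pkg)
        for fname, fepoch, fver, frel in fixed:
            if fname != name or el_major(frel) != el_major(rel):
                continue
            rc = 0
            for x, y in ((epoch, fepoch), (ver, fver), (rel, frel)):
                rc = rpmvercmp(x, y)  # epoch decides first, then version, then release
                if rc:
                    break
            report[pkg] = "patched" if rc >= 0 else "vulnerable"
            break
    return report


# Constructed `rpm -q` output for two imaginary hosts, not real inventories.
HOST_EL7 = ["java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2.x86_64",  # older build
            "bash-4.2.46-20.el7_2.x86_64"]  # not covered by the advisory
HOST_EL6_AUS = ["kernel-2.6.32-431.72.1.el6.x86_64",  # older, still installed
                "kernel-2.6.32-431.74.1.el6.x86_64"]  # the fixed build
```

On a real host, feed the output of `rpm -q kernel java-1.8.0-openjdk` to check_host and pick the advisory that matches the host's update stream (AUS 6.5 vs EUS 6.7), since both kernel advisories carry el6 dist tags.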
From bugzilla at redhat.com Thu Oct 20 12:53:50 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Oct 2016 12:53:50 +0000
Subject: [RHSA-2016:2088-01] Critical: java-1.8.0-oracle security update
Message-ID: <201610201253.u9KCrpAF013693@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.8.0-oracle security update
Advisory ID: RHSA-2016:2088-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2088.html
Issue date: 2016-10-20
CVE Names: CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597
=====================================================================

1. Summary:

An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3.
Description:

Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 111.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1385402 - CVE-2016-5582 OpenJDK: incomplete type checks of System.arraycopy arguments (Hotspot, 8160591)
1385544 - CVE-2016-5573 OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
1385714 - CVE-2016-5554 OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)
1385723 - CVE-2016-5542 OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)
1386103 - CVE-2016-5597 OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
1386408 - CVE-2016-5556 Oracle JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)

6.
Package List:

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.8.0-oracle-1.8.0.111-1jpp.4.el6_8.i686.rpm
java-1.8.0-oracle-devel-1.8.0.111-1jpp.4.el6_8.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.111-1jpp.4.el6_8.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.111-1jpp.4.el6_8.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.111-1jpp.4.el6_8.i686.rpm
java-1.8.0-oracle-src-1.8.0.111-1jpp.4.el6_8.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.111-1jpp.4.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

x86_64:
java-1.8.0-oracle-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.111-1jpp.4.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.8.0-oracle-1.8.0.111-1jpp.4.el6_8.i686.rpm
java-1.8.0-oracle-devel-1.8.0.111-1jpp.4.el6_8.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.111-1jpp.4.el6_8.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.111-1jpp.4.el6_8.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.111-1jpp.4.el6_8.i686.rpm
java-1.8.0-oracle-src-1.8.0.111-1jpp.4.el6_8.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.111-1jpp.4.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation 6:

i386:
java-1.8.0-oracle-1.8.0.111-1jpp.4.el6_8.i686.rpm
java-1.8.0-oracle-devel-1.8.0.111-1jpp.4.el6_8.i686.rpm
java-1.8.0-oracle-javafx-1.8.0.111-1jpp.4.el6_8.i686.rpm
java-1.8.0-oracle-jdbc-1.8.0.111-1jpp.4.el6_8.i686.rpm
java-1.8.0-oracle-plugin-1.8.0.111-1jpp.4.el6_8.i686.rpm
java-1.8.0-oracle-src-1.8.0.111-1jpp.4.el6_8.i686.rpm

x86_64:
java-1.8.0-oracle-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.111-1jpp.4.el6_8.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.111-1jpp.4.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.111-1jpp.4.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.111-1jpp.4.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.8.0-oracle-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.111-1jpp.4.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v.
7):

x86_64:
java-1.8.0-oracle-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.111-1jpp.4.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.111-1jpp.4.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5542
https://access.redhat.com/security/cve/CVE-2016-5554
https://access.redhat.com/security/cve/CVE-2016-5556
https://access.redhat.com/security/cve/CVE-2016-5573
https://access.redhat.com/security/cve/CVE-2016-5582
https://access.redhat.com/security/cve/CVE-2016-5597
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA
http://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
From bugzilla at redhat.com Thu Oct 20 12:54:32 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Oct 2016 12:54:32 +0000
Subject: [RHSA-2016:2089-01] Critical: java-1.7.0-oracle security update
Message-ID: <201610201254.u9KCsW9A029643@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-oracle security update
Advisory ID: RHSA-2016:2089-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2089.html
Issue date: 2016-10-20
CVE Names: CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597
=====================================================================

1. Summary:

An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v.
7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 121.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1385402 - CVE-2016-5582 OpenJDK: incomplete type checks of System.arraycopy arguments (Hotspot, 8160591)
1385544 - CVE-2016-5573 OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
1385714 - CVE-2016-5554 OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)
1385723 - CVE-2016-5542 OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)
1386103 - CVE-2016-5597 OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
1386408 - CVE-2016-5556 Oracle JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)

6.
Package List:

Oracle Java for Red Hat Enterprise Linux Client 5:

i386:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-jdbc-1.7.0.121-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-plugin-1.7.0.121-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.121-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.121-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 5:

i386:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-jdbc-1.7.0.121-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-plugin-1.7.0.121-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.121-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.121-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

i386:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation 6:

i386:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.121-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.121-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v.
7):

x86_64:
java-1.7.0-oracle-1.7.0.121-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el7.i686.rpm
java-1.7.0-oracle-devel-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.121-1jpp.1.el7.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.121-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5542
https://access.redhat.com/security/cve/CVE-2016-5554
https://access.redhat.com/security/cve/CVE-2016-5556
https://access.redhat.com/security/cve/CVE-2016-5573
https://access.redhat.com/security/cve/CVE-2016-5582
https://access.redhat.com/security/cve/CVE-2016-5597
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA
http://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_121

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
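Each advisory on this page ends with the package builds that carry the fix, and the check a defender wants is whether an installed build is at or past them. That needs rpm's segment-wise version ordering (10 sorts after 9, 121 after 111, "~" sorts before release), not a plain string compare. The Python below is an added example, not Red Hat code: a reimplementation of rpm's rpmvercmp ordering applied to package names copied from the advisories on this page, run against a constructed inventory.

```python
"""Check an rpm inventory against the fixed packages listed in an RHSA.

Added example, not Red Hat code. ADVISORY_RPMS are package names copied from
the advisories on this page; INSTALLED is constructed sample data in the
shape of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\\n'` output.
"""

# Fixed builds, one per update stream, taken from the advisory package lists.
ADVISORY_RPMS = [
    "bind-9.3.6-25.P1.el5_11.10.x86_64.rpm",                # RHSA-2016:2093
    "bind-libs-9.3.6-25.P1.el5_11.10.x86_64.rpm",           # RHSA-2016:2093
    "java-1.8.0-oracle-1.8.0.111-1jpp.4.el6_8.x86_64.rpm",  # RHSA-2016:2088
    "java-1.7.0-oracle-1.7.0.121-1jpp.1.el6_8.x86_64.rpm",  # RHSA-2016:2089
]

# Constructed inventory (not real hosts): patched, lagging and unrelated packages.
INSTALLED = [
    "bind-9.3.6-25.P1.el5_11.9.x86_64",                 # one release behind the fix
    "bind-libs-9.3.6-25.P1.el5_11.10.x86_64",           # exactly the fixed build
    "java-1.8.0-oracle-1.8.0.111-1jpp.4.el6_8.x86_64",  # exactly the fixed build
    "java-1.7.0-oracle-1.7.0.111-1jpp.1.el6_8.x86_64",  # 7u111, older than 7u121
    "openssl-1.0.1e-48.el6_8.1.x86_64",                 # not part of these advisories
]


def rpmvercmp(a, b):
    """Order two version (or release) strings the way rpm's rpmvercmp does.

    Returns 1 if a is newer, -1 if b is newer, 0 if equal. Separators are
    ignored, numeric segments compare by value, alphabetic segments compare
    lexically, a numeric segment beats an alphabetic one, and '~' sorts before
    anything, including end of string. The newer '^' operator is not handled.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        tilde_a = i < len(a) and a[i] == "~"
        tilde_b = j < len(b) and b[j] == "~"
        if tilde_a or tilde_b:
            if tilde_a and tilde_b:
                i, j = i + 1, j + 1
                continue
            return -1 if tilde_a else 1
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        kind = str.isdigit if isnum else str.isalpha
        start_a, start_b = i, j
        while i < len(a) and kind(a[i]):
            i += 1
        while j < len(b) and kind(b[j]):
            j += 1
        seg_a, seg_b = a[start_a:i], b[start_b:j]
        if not seg_b:                      # segment types differ
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):   # more digits means a larger number
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def split_nevra(pkg):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch).
    Names may contain dashes (java-1.8.0-oracle), so split from the right."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    body, arch = pkg.rsplit(".", 1)
    name, version, release = body.rsplit("-", 2)
    return name, version, release, arch


def audit(installed, advisory_rpms):
    """Map each installed package to 'patched', 'vulnerable' or 'not covered'.
    Package file names carry no epoch, so compare version, then release; a
    real check should also confirm the epoch with `rpm -q --qf '%{EPOCH}'`."""
    fixed = {(n, a): (v, r) for n, v, r, a in map(split_nevra, advisory_rpms)}
    verdict = {}
    for pkg in installed:
        name, version, release, arch = split_nevra(pkg)
        if (name, arch) not in fixed:
            verdict[pkg] = "not covered"
            continue
        fixed_version, fixed_release = fixed[(name, arch)]
        order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
        verdict[pkg] = "patched" if order >= 0 else "vulnerable"
    return verdict


if __name__ == "__main__":
    for pkg, status in audit(INSTALLED, ADVISORY_RPMS).items():
        print(f"{status:12} {pkg}")
```

On a real host, feed it the output of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'` and verify the package signatures against the Red Hat key referenced above before trusting the result.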
From bugzilla at redhat.com Thu Oct 20 12:55:16 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Oct 2016 12:55:16 +0000
Subject: [RHSA-2016:2090-01] Important: java-1.6.0-sun security update
Message-ID: <201610201255.u9KCtH9S014767@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.6.0-sun security update
Advisory ID: RHSA-2016:2090-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2090.html
Issue date: 2016-10-20
CVE Names: CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597
=====================================================================

1. Summary:

An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v.
7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 131.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1385402 - CVE-2016-5582 OpenJDK: incomplete type checks of System.arraycopy arguments (Hotspot, 8160591)
1385544 - CVE-2016-5573 OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
1385714 - CVE-2016-5554 OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)
1385723 - CVE-2016-5542 OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)
1386103 - CVE-2016-5597 OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
1386408 - CVE-2016-5556 Oracle JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)

6.
Package List:

Oracle Java for Red Hat Enterprise Linux Client 5:

i386:
java-1.6.0-sun-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-1.6.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 5:

i386:
java-1.6.0-sun-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-1.6.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.6.0-sun-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

i386:
java-1.6.0-sun-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.6.0-sun-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation 6:

i386:
java-1.6.0-sun-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.131-1jpp.1.el7.i686.rpm
java-1.6.0-sun-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el7.i686.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v.
7):

x86_64:
java-1.6.0-sun-1.6.0.131-1jpp.1.el7.i686.rpm
java-1.6.0-sun-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el7.i686.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.131-1jpp.1.el7.i686.rpm
java-1.6.0-sun-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el7.i686.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el7.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.131-1jpp.1.el7.i686.rpm
java-1.6.0-sun-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el7.i686.rpm
java-1.6.0-sun-devel-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.131-1jpp.1.el7.x86_64.rpm
java-1.6.0-sun-src-1.6.0.131-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-5542
https://access.redhat.com/security/cve/CVE-2016-5554
https://access.redhat.com/security/cve/CVE-2016-5556
https://access.redhat.com/security/cve/CVE-2016-5573
https://access.redhat.com/security/cve/CVE-2016-5582
https://access.redhat.com/security/cve/CVE-2016-5597
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA
http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#R160_131

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Thu Oct 20 20:46:15 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Oct 2016 20:46:15 +0000
Subject: [RHSA-2016:2093-01] Important: bind security update
Message-ID: <201610202046.u9KKkGY2028710@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update
Advisory ID: RHSA-2016:2093-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2093.html
Issue date: 2016-10-20
CVE Names: CVE-2016-2848
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet. (CVE-2016-2848)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1385450 - CVE-2016-2848 bind: assertion failure triggered by a packet with malformed options

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: bind-9.3.6-25.P1.el5_11.10.src.rpm i386: bind-9.3.6-25.P1.el5_11.10.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.10.i386.rpm bind-libs-9.3.6-25.P1.el5_11.10.i386.rpm bind-sdb-9.3.6-25.P1.el5_11.10.i386.rpm bind-utils-9.3.6-25.P1.el5_11.10.i386.rpm x86_64: bind-9.3.6-25.P1.el5_11.10.x86_64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.10.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.10.x86_64.rpm bind-libs-9.3.6-25.P1.el5_11.10.i386.rpm bind-libs-9.3.6-25.P1.el5_11.10.x86_64.rpm bind-sdb-9.3.6-25.P1.el5_11.10.x86_64.rpm bind-utils-9.3.6-25.P1.el5_11.10.x86_64.rpm Red Hat Enterprise Linux Desktop Workstation (v. 5 client): Source: bind-9.3.6-25.P1.el5_11.10.src.rpm i386: bind-chroot-9.3.6-25.P1.el5_11.10.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.10.i386.rpm bind-devel-9.3.6-25.P1.el5_11.10.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.10.i386.rpm caching-nameserver-9.3.6-25.P1.el5_11.10.i386.rpm x86_64: bind-chroot-9.3.6-25.P1.el5_11.10.x86_64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.10.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.10.x86_64.rpm bind-devel-9.3.6-25.P1.el5_11.10.i386.rpm bind-devel-9.3.6-25.P1.el5_11.10.x86_64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.10.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.10.x86_64.rpm caching-nameserver-9.3.6-25.P1.el5_11.10.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: bind-9.3.6-25.P1.el5_11.10.src.rpm i386: bind-9.3.6-25.P1.el5_11.10.i386.rpm bind-chroot-9.3.6-25.P1.el5_11.10.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.10.i386.rpm bind-devel-9.3.6-25.P1.el5_11.10.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.10.i386.rpm bind-libs-9.3.6-25.P1.el5_11.10.i386.rpm bind-sdb-9.3.6-25.P1.el5_11.10.i386.rpm bind-utils-9.3.6-25.P1.el5_11.10.i386.rpm caching-nameserver-9.3.6-25.P1.el5_11.10.i386.rpm ia64: bind-9.3.6-25.P1.el5_11.10.ia64.rpm bind-chroot-9.3.6-25.P1.el5_11.10.ia64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.10.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.10.ia64.rpm bind-devel-9.3.6-25.P1.el5_11.10.ia64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.10.ia64.rpm bind-libs-9.3.6-25.P1.el5_11.10.i386.rpm bind-libs-9.3.6-25.P1.el5_11.10.ia64.rpm bind-sdb-9.3.6-25.P1.el5_11.10.ia64.rpm bind-utils-9.3.6-25.P1.el5_11.10.ia64.rpm caching-nameserver-9.3.6-25.P1.el5_11.10.ia64.rpm ppc: bind-9.3.6-25.P1.el5_11.10.ppc.rpm bind-chroot-9.3.6-25.P1.el5_11.10.ppc.rpm bind-debuginfo-9.3.6-25.P1.el5_11.10.ppc.rpm bind-debuginfo-9.3.6-25.P1.el5_11.10.ppc64.rpm bind-devel-9.3.6-25.P1.el5_11.10.ppc.rpm bind-devel-9.3.6-25.P1.el5_11.10.ppc64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.10.ppc.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.10.ppc64.rpm bind-libs-9.3.6-25.P1.el5_11.10.ppc.rpm bind-libs-9.3.6-25.P1.el5_11.10.ppc64.rpm bind-sdb-9.3.6-25.P1.el5_11.10.ppc.rpm bind-utils-9.3.6-25.P1.el5_11.10.ppc.rpm caching-nameserver-9.3.6-25.P1.el5_11.10.ppc.rpm s390x: bind-9.3.6-25.P1.el5_11.10.s390x.rpm bind-chroot-9.3.6-25.P1.el5_11.10.s390x.rpm bind-debuginfo-9.3.6-25.P1.el5_11.10.s390.rpm bind-debuginfo-9.3.6-25.P1.el5_11.10.s390x.rpm bind-devel-9.3.6-25.P1.el5_11.10.s390.rpm bind-devel-9.3.6-25.P1.el5_11.10.s390x.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.10.s390.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.10.s390x.rpm bind-libs-9.3.6-25.P1.el5_11.10.s390.rpm bind-libs-9.3.6-25.P1.el5_11.10.s390x.rpm bind-sdb-9.3.6-25.P1.el5_11.10.s390x.rpm 
bind-utils-9.3.6-25.P1.el5_11.10.s390x.rpm caching-nameserver-9.3.6-25.P1.el5_11.10.s390x.rpm x86_64: bind-9.3.6-25.P1.el5_11.10.x86_64.rpm bind-chroot-9.3.6-25.P1.el5_11.10.x86_64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.10.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.10.x86_64.rpm bind-devel-9.3.6-25.P1.el5_11.10.i386.rpm bind-devel-9.3.6-25.P1.el5_11.10.x86_64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.10.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.10.x86_64.rpm bind-libs-9.3.6-25.P1.el5_11.10.i386.rpm bind-libs-9.3.6-25.P1.el5_11.10.x86_64.rpm bind-sdb-9.3.6-25.P1.el5_11.10.x86_64.rpm bind-utils-9.3.6-25.P1.el5_11.10.x86_64.rpm caching-nameserver-9.3.6-25.P1.el5_11.10.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: bind-9.8.2-0.47.rc1.el6_8.2.src.rpm i386: bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-libs-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-utils-9.8.2-0.47.rc1.el6_8.2.i686.rpm x86_64: bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-libs-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-libs-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-utils-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: bind-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-devel-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.2.i686.rpm x86_64: bind-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-devel-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-devel-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: bind-9.8.2-0.47.rc1.el6_8.2.src.rpm x86_64: bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-libs-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-libs-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-utils-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: bind-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-devel-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-devel-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: bind-9.8.2-0.47.rc1.el6_8.2.src.rpm i386: bind-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-libs-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-utils-9.8.2-0.47.rc1.el6_8.2.i686.rpm ppc64: bind-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.ppc.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm bind-libs-9.8.2-0.47.rc1.el6_8.2.ppc.rpm bind-libs-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm bind-utils-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm s390x: bind-9.8.2-0.47.rc1.el6_8.2.s390x.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.2.s390x.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.s390.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.s390x.rpm bind-libs-9.8.2-0.47.rc1.el6_8.2.s390.rpm bind-libs-9.8.2-0.47.rc1.el6_8.2.s390x.rpm bind-utils-9.8.2-0.47.rc1.el6_8.2.s390x.rpm x86_64: bind-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-libs-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-libs-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-utils-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-devel-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.2.i686.rpm ppc64: bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.ppc.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm bind-devel-9.8.2-0.47.rc1.el6_8.2.ppc.rpm bind-devel-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.s390.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.s390x.rpm bind-devel-9.8.2-0.47.rc1.el6_8.2.s390.rpm bind-devel-9.8.2-0.47.rc1.el6_8.2.s390x.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.2.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-devel-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-devel-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: bind-9.8.2-0.47.rc1.el6_8.2.src.rpm i386: bind-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-libs-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-utils-9.8.2-0.47.rc1.el6_8.2.i686.rpm x86_64: bind-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-libs-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-libs-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-utils-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-devel-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.2.i686.rpm x86_64: bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-devel-9.8.2-0.47.rc1.el6_8.2.i686.rpm bind-devel-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2848
https://access.redhat.com/security/updates/classification/#important
https://kb.isc.org/article/AA-01433

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYCS0AXlSAg2UNWIIRAu+iAJ9Rncx/t39h0y9nhC4W/nILLbyH4wCggnM4
/GZChCDYTqrpEmcqGkeiE3o=
=s4zR
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 20 20:46:55 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Oct 2016 20:46:55 +0000
Subject: [RHSA-2016:2094-01] Important: bind97 security update
Message-ID: <201610202046.u9KKktbW018623@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind97 security update
Advisory ID:       RHSA-2016:2094-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2094.html
Issue date:        2016-10-20
CVE Names:         CVE-2016-2848
=====================================================================

1. Summary:

An update for bind97 is now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet. (CVE-2016-2848)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1385450 - CVE-2016-2848 bind: assertion failure triggered by a packet with malformed options

6. Package List:

Red Hat Enterprise Linux Desktop Workstation (v. 5 client):

Source:
bind97-9.7.0-21.P2.el5_11.8.src.rpm

i386:
bind97-9.7.0-21.P2.el5_11.8.i386.rpm
bind97-chroot-9.7.0-21.P2.el5_11.8.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.8.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.8.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.8.i386.rpm
bind97-utils-9.7.0-21.P2.el5_11.8.i386.rpm

x86_64:
bind97-9.7.0-21.P2.el5_11.8.x86_64.rpm
bind97-chroot-9.7.0-21.P2.el5_11.8.x86_64.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.8.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.8.x86_64.rpm
bind97-devel-9.7.0-21.P2.el5_11.8.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.8.x86_64.rpm
bind97-libs-9.7.0-21.P2.el5_11.8.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.8.x86_64.rpm
bind97-utils-9.7.0-21.P2.el5_11.8.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server): Source: bind97-9.7.0-21.P2.el5_11.8.src.rpm i386: bind97-9.7.0-21.P2.el5_11.8.i386.rpm bind97-chroot-9.7.0-21.P2.el5_11.8.i386.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.8.i386.rpm bind97-devel-9.7.0-21.P2.el5_11.8.i386.rpm bind97-libs-9.7.0-21.P2.el5_11.8.i386.rpm bind97-utils-9.7.0-21.P2.el5_11.8.i386.rpm ia64: bind97-9.7.0-21.P2.el5_11.8.ia64.rpm bind97-chroot-9.7.0-21.P2.el5_11.8.ia64.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.8.ia64.rpm bind97-devel-9.7.0-21.P2.el5_11.8.ia64.rpm bind97-libs-9.7.0-21.P2.el5_11.8.ia64.rpm bind97-utils-9.7.0-21.P2.el5_11.8.ia64.rpm ppc: bind97-9.7.0-21.P2.el5_11.8.ppc.rpm bind97-chroot-9.7.0-21.P2.el5_11.8.ppc.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.8.ppc.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.8.ppc64.rpm bind97-devel-9.7.0-21.P2.el5_11.8.ppc.rpm bind97-devel-9.7.0-21.P2.el5_11.8.ppc64.rpm bind97-libs-9.7.0-21.P2.el5_11.8.ppc.rpm bind97-libs-9.7.0-21.P2.el5_11.8.ppc64.rpm bind97-utils-9.7.0-21.P2.el5_11.8.ppc.rpm s390x: bind97-9.7.0-21.P2.el5_11.8.s390x.rpm bind97-chroot-9.7.0-21.P2.el5_11.8.s390x.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.8.s390.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.8.s390x.rpm bind97-devel-9.7.0-21.P2.el5_11.8.s390.rpm bind97-devel-9.7.0-21.P2.el5_11.8.s390x.rpm bind97-libs-9.7.0-21.P2.el5_11.8.s390.rpm bind97-libs-9.7.0-21.P2.el5_11.8.s390x.rpm bind97-utils-9.7.0-21.P2.el5_11.8.s390x.rpm x86_64: bind97-9.7.0-21.P2.el5_11.8.x86_64.rpm bind97-chroot-9.7.0-21.P2.el5_11.8.x86_64.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.8.i386.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.8.x86_64.rpm bind97-devel-9.7.0-21.P2.el5_11.8.i386.rpm bind97-devel-9.7.0-21.P2.el5_11.8.x86_64.rpm bind97-libs-9.7.0-21.P2.el5_11.8.i386.rpm bind97-libs-9.7.0-21.P2.el5_11.8.x86_64.rpm bind97-utils-9.7.0-21.P2.el5_11.8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2016-2848
https://access.redhat.com/security/updates/classification/#important
https://kb.isc.org/article/AA-01433

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYCS0pXlSAg2UNWIIRAsg9AJ9Q3vxszpe+FkZEBJKNE09RKSE4vACgrm35
Mx49kEMYgvSKaWy6TrOk1Ns=
=lLse
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 24 13:40:39 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Oct 2016 13:40:39 +0000
Subject: [RHSA-2016:2098-01] Important: kernel security update
Message-ID: <201610241340.u9ODeX7d000504@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2016:2098-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2098.html
Issue date:        2016-10-24
CVE Names:         CVE-2016-5195
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v.
7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

Red Hat would like to thank Phil Oester for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-327.36.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.36.3.el7.noarch.rpm
kernel-doc-3.10.0-327.36.3.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.36.3.el7.x86_64.rpm
kernel-debug-3.10.0-327.36.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.36.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.36.3.el7.x86_64.rpm
kernel-devel-3.10.0-327.36.3.el7.x86_64.rpm
kernel-headers-3.10.0-327.36.3.el7.x86_64.rpm
kernel-tools-3.10.0-327.36.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.36.3.el7.x86_64.rpm
perf-3.10.0-327.36.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
python-perf-3.10.0-327.36.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v.
7): x86_64: kernel-debug-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.36.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.36.3.el7.x86_64.rpm perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-327.36.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.36.3.el7.noarch.rpm kernel-doc-3.10.0-327.36.3.el7.noarch.rpm x86_64: kernel-3.10.0-327.36.3.el7.x86_64.rpm kernel-debug-3.10.0-327.36.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.36.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.36.3.el7.x86_64.rpm kernel-devel-3.10.0-327.36.3.el7.x86_64.rpm kernel-headers-3.10.0-327.36.3.el7.x86_64.rpm kernel-tools-3.10.0-327.36.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.36.3.el7.x86_64.rpm perf-3.10.0-327.36.3.el7.x86_64.rpm perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm python-perf-3.10.0-327.36.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.36.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.36.3.el7.x86_64.rpm perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: kernel-3.10.0-327.36.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.36.3.el7.noarch.rpm kernel-doc-3.10.0-327.36.3.el7.noarch.rpm ppc64: kernel-3.10.0-327.36.3.el7.ppc64.rpm kernel-bootwrapper-3.10.0-327.36.3.el7.ppc64.rpm kernel-debug-3.10.0-327.36.3.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-327.36.3.el7.ppc64.rpm kernel-debug-devel-3.10.0-327.36.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-327.36.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-327.36.3.el7.ppc64.rpm kernel-devel-3.10.0-327.36.3.el7.ppc64.rpm kernel-headers-3.10.0-327.36.3.el7.ppc64.rpm kernel-tools-3.10.0-327.36.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-327.36.3.el7.ppc64.rpm kernel-tools-libs-3.10.0-327.36.3.el7.ppc64.rpm perf-3.10.0-327.36.3.el7.ppc64.rpm perf-debuginfo-3.10.0-327.36.3.el7.ppc64.rpm python-perf-3.10.0-327.36.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-327.36.3.el7.ppc64.rpm ppc64le: kernel-3.10.0-327.36.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-327.36.3.el7.ppc64le.rpm kernel-debug-3.10.0-327.36.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-327.36.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-327.36.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-327.36.3.el7.ppc64le.rpm kernel-devel-3.10.0-327.36.3.el7.ppc64le.rpm kernel-headers-3.10.0-327.36.3.el7.ppc64le.rpm kernel-tools-3.10.0-327.36.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-327.36.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-327.36.3.el7.ppc64le.rpm perf-3.10.0-327.36.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-327.36.3.el7.ppc64le.rpm python-perf-3.10.0-327.36.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-327.36.3.el7.ppc64le.rpm s390x: kernel-3.10.0-327.36.3.el7.s390x.rpm kernel-debug-3.10.0-327.36.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-327.36.3.el7.s390x.rpm kernel-debug-devel-3.10.0-327.36.3.el7.s390x.rpm kernel-debuginfo-3.10.0-327.36.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-327.36.3.el7.s390x.rpm kernel-devel-3.10.0-327.36.3.el7.s390x.rpm 
kernel-headers-3.10.0-327.36.3.el7.s390x.rpm kernel-kdump-3.10.0-327.36.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-327.36.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-327.36.3.el7.s390x.rpm perf-3.10.0-327.36.3.el7.s390x.rpm perf-debuginfo-3.10.0-327.36.3.el7.s390x.rpm python-perf-3.10.0-327.36.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-327.36.3.el7.s390x.rpm x86_64: kernel-3.10.0-327.36.3.el7.x86_64.rpm kernel-debug-3.10.0-327.36.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.36.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.36.3.el7.x86_64.rpm kernel-devel-3.10.0-327.36.3.el7.x86_64.rpm kernel-headers-3.10.0-327.36.3.el7.x86_64.rpm kernel-tools-3.10.0-327.36.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.36.3.el7.x86_64.rpm perf-3.10.0-327.36.3.el7.x86_64.rpm perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm python-perf-3.10.0-327.36.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: kernel-debug-debuginfo-3.10.0-327.36.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-327.36.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-327.36.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-327.36.3.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-327.36.3.el7.ppc64.rpm perf-debuginfo-3.10.0-327.36.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-327.36.3.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-327.36.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-327.36.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-327.36.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-327.36.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-327.36.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-327.36.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-327.36.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-327.36.3.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.36.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.36.3.el7.x86_64.rpm perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7):

Source:
kernel-3.10.0-327.36.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.36.3.el7.noarch.rpm
kernel-doc-3.10.0-327.36.3.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.36.3.el7.x86_64.rpm
kernel-debug-3.10.0-327.36.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.36.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.36.3.el7.x86_64.rpm
kernel-devel-3.10.0-327.36.3.el7.x86_64.rpm
kernel-headers-3.10.0-327.36.3.el7.x86_64.rpm
kernel-tools-3.10.0-327.36.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.36.3.el7.x86_64.rpm
perf-3.10.0-327.36.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
python-perf-3.10.0-327.36.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.36.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.36.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.36.3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5195
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/2706661

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
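The package lists in RHSA-2016:2093 and RHSA-2016:2094 (bind, bind97) and RHSA-2016:2098 (kernel) above give the fixed name-version-release for each stream; the check an administrator actually wants is whether what a host has installed is at or above those. The following Python is an added example, not Red Hat tooling: it ports rpm's label-comparison rules (rpmvercmp) so it needs no rpm bindings, parses the `rpm -q`-style strings the advisories use, and audits a constructed sample of installed packages against a table copied from the advisories. The dist-tag matching on `elN` is an assumption of this example, and the sample input is made up.

```python
"""Audit installed RPM versions against the fixed NVRs in the advisories above.
Added example, not Red Hat tooling: rpmvercmp() ports rpm's label-comparison
rules so no rpm bindings are needed, parse_nevra() reads the
name-version-release.arch form that `rpm -q` prints and the package lists use,
FIXED is copied from RHSA-2016:2093/2094/2098 and SAMPLE_INSTALLED is made up.
"""
import re

def _skip_sep(s, k):
    # advance past characters rpm ignores: anything not ASCII alnum and not '~'
    while k < len(s) and not (s[k].isascii() and s[k].isalnum() or s[k] == "~"):
        k += 1
    return k

def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp() (minus newer rpm's '^' rule): -1 if a < b, 0 if equal, 1 if a > b."""
    i = j = 0
    while i < len(a) or j < len(b):
        i, j = _skip_sep(a, i), _skip_sep(b, j)
        ca, cb = (a[i] if i < len(a) else ""), (b[j] if j < len(b) else "")
        if ca == "~" or cb == "~":      # tilde sorts before everything, even end of string
            if ca != cb:
                return 1 if cb == "~" else -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()            # take an all-digit or all-letter run from each side
        pat = r"[0-9]+" if isnum else r"[A-Za-z]+"
        ma, mb = re.match(pat, a[i:]), re.match(pat, b[j:])
        sa, sb = ma.group(0), (mb.group(0) if mb else "")
        if not sb:                      # a numeric segment always beats an alpha one
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):      # more significant digits wins
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
        i, j = i + len(ma.group(0)), j + len(mb.group(0))
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1    # whoever has characters left wins

NEVRA_RE = re.compile(r"^(?P<name>.+)-(?:(?P<epoch>\d+):)?(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")

def parse_nevra(s):
    """'bind-libs-9.8.2-0.47.rc1.el6_8.2.x86_64[.rpm]' -> (name, epoch, ver, rel, arch)."""
    m = NEVRA_RE.match(s[:-4] if s.endswith(".rpm") else s)
    if not m:
        raise ValueError("not a NEVRA: " + s)
    return m["name"], int(m["epoch"] or 0), m["ver"], m["rel"], m["arch"]

def dist_tag(release):  # '327.36.3.el7' -> 'el7'; assumed heuristic, EUS tags like el6_6 collapse to el6
    m = re.search(r"\.(el\d+)", release)
    return m.group(1) if m else ""

FIXED = {  # fixed versions copied from the advisories above, keyed by (name, dist tag)
    ("bind", "el5"): "bind-9.3.6-25.P1.el5_11.10.x86_64",     # RHSA-2016:2093
    ("bind", "el6"): "bind-9.8.2-0.47.rc1.el6_8.2.x86_64",    # RHSA-2016:2093
    ("bind97", "el5"): "bind97-9.7.0-21.P2.el5_11.8.x86_64",  # RHSA-2016:2094
    ("kernel", "el7"): "kernel-3.10.0-327.36.3.el7.x86_64",   # RHSA-2016:2098
}

def is_fixed(installed, fixed):
    """True when the installed (epoch, version, release) is at or above the fixed one."""
    n1, *evr1 = parse_nevra(installed)[:4]
    n2, *evr2 = parse_nevra(fixed)[:4]
    if n1 != n2:
        raise ValueError("name mismatch: %s vs %s" % (n1, n2))
    for p, q in zip(evr1, evr2):        # rpm compares epoch, then version, then release
        r = rpmvercmp(str(p), str(q))
        if r:
            return r > 0
    return True

def audit(installed, fixed=FIXED):
    """Return {nevra: patched?} for the installed packages an advisory row covers."""
    report = {}
    for pkg in installed:
        name, _, _, rel, _ = parse_nevra(pkg)
        key = (name, dist_tag(rel))
        if key in fixed:
            report[pkg] = is_fixed(pkg, fixed[key])
    return report

# Constructed sample, as `rpm -q kernel bind bind97 openssl` might print across hosts.
# Audit "kernel-" + `uname -r` for the running kernel: RHSA-2016:2098 needs a reboot.
SAMPLE_INSTALLED = [
    "kernel-3.10.0-327.28.3.el7.x86_64",   # older than the fixed release
    "kernel-3.10.0-327.36.3.el7.x86_64",   # exactly the fixed release
    "bind-9.8.2-0.47.rc1.el6_8.1.x86_64",  # one release behind
    "bind97-9.7.0-21.P2.el5_11.8.x86_64",  # fixed
    "openssl-1.0.1e-48.el6_8.3.x86_64",    # not covered by these advisories
]

if __name__ == "__main__":
    for pkg, ok in audit(SAMPLE_INSTALLED).items():
        print("%-40s %s" % (pkg, "patched" if ok else "VULNERABLE"))
```

Feed it the output of `rpm -q kernel bind bind97` in place of SAMPLE_INSTALLED, and for the kernel use `"kernel-" + uname -r` rather than the newest installed package, since the advisory says the fix takes effect only after a reboot. The dist-tag keying is deliberately coarse: a host on an EUS/AUS stream needs the RHSA-2016:2099 rows, whose fixed releases (el6_6.6, el6_7.8 and so on) differ from the el6_8.2 build in RHSA-2016:2093, so add those rows keyed more precisely before trusting a "patched" verdict there.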
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYDg9CXlSAg2UNWIIRAjCIAKCfqFMrcCxhrfT5Rb8jZoRBqdTUagCgkFXS
If4V2m2AWYozb9GesaZsr5Y=
=1J1k
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 25 09:40:08 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 25 Oct 2016 09:40:08 +0000
Subject: [RHSA-2016:2099-01] Important: bind security update
Message-ID: <201610250940.u9P9eAMV028579@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2016:2099-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2099.html
Issue date:        2016-10-25
CVE Names:         CVE-2016-2776 CVE-2016-2848
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server AUS (v.
6.5) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.5) - x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2016-2776)

* A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet. (CVE-2016-2848)

Red Hat would like to thank ISC for reporting CVE-2016-2776.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5.
Bugs fixed (https://bugzilla.redhat.com/):

1378380 - CVE-2016-2776 bind: assertion failure in buffer.c while building responses to a specifically constructed request
1385450 - CVE-2016-2848 bind: assertion failure triggered by a packet with malformed options

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.6):

Source:
bind-9.8.2-0.30.rc1.el6_6.6.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.6.i686.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
bind-9.8.2-0.37.rc1.el6_7.8.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.8.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):

x86_64:
bind-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.6.i686.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
bind-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.8.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v.
6.2): Source: bind-9.7.3-8.P3.el6_2.5.src.rpm x86_64: bind-9.7.3-8.P3.el6_2.5.x86_64.rpm bind-chroot-9.7.3-8.P3.el6_2.5.x86_64.rpm bind-debuginfo-9.7.3-8.P3.el6_2.5.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.5.x86_64.rpm bind-libs-9.7.3-8.P3.el6_2.5.i686.rpm bind-libs-9.7.3-8.P3.el6_2.5.x86_64.rpm bind-utils-9.7.3-8.P3.el6_2.5.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.4): Source: bind-9.8.2-0.17.rc1.el6_4.9.src.rpm x86_64: bind-9.8.2-0.17.rc1.el6_4.9.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.9.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.9.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.9.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.9.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.9.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.9.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.5): Source: bind-9.8.2-0.23.rc1.el6_5.4.src.rpm x86_64: bind-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm bind-chroot-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.4.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm bind-libs-9.8.2-0.23.rc1.el6_5.4.i686.rpm bind-libs-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm bind-utils-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 6.5): Source: bind-9.8.2-0.23.rc1.el6_5.4.src.rpm x86_64: bind-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm bind-chroot-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.4.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm bind-libs-9.8.2-0.23.rc1.el6_5.4.i686.rpm bind-libs-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm bind-utils-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
6.6): Source: bind-9.8.2-0.30.rc1.el6_6.6.src.rpm i386: bind-9.8.2-0.30.rc1.el6_6.6.i686.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.6.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.6.i686.rpm bind-utils-9.8.2-0.30.rc1.el6_6.6.i686.rpm ppc64: bind-9.8.2-0.30.rc1.el6_6.6.ppc64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.6.ppc64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.ppc.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.ppc64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.6.ppc.rpm bind-libs-9.8.2-0.30.rc1.el6_6.6.ppc64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.6.ppc64.rpm s390x: bind-9.8.2-0.30.rc1.el6_6.6.s390x.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.6.s390x.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.s390.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.s390x.rpm bind-libs-9.8.2-0.30.rc1.el6_6.6.s390.rpm bind-libs-9.8.2-0.30.rc1.el6_6.6.s390x.rpm bind-utils-9.8.2-0.30.rc1.el6_6.6.s390x.rpm x86_64: bind-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.6.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
6.7): Source: bind-9.8.2-0.37.rc1.el6_7.8.src.rpm i386: bind-9.8.2-0.37.rc1.el6_7.8.i686.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.8.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.8.i686.rpm bind-utils-9.8.2-0.37.rc1.el6_7.8.i686.rpm ppc64: bind-9.8.2-0.37.rc1.el6_7.8.ppc64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.8.ppc64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.ppc.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.ppc64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.8.ppc.rpm bind-libs-9.8.2-0.37.rc1.el6_7.8.ppc64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.8.ppc64.rpm s390x: bind-9.8.2-0.37.rc1.el6_7.8.s390x.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.8.s390x.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.s390.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.s390x.rpm bind-libs-9.8.2-0.37.rc1.el6_7.8.s390.rpm bind-libs-9.8.2-0.37.rc1.el6_7.8.s390x.rpm bind-utils-9.8.2-0.37.rc1.el6_7.8.s390x.rpm x86_64: bind-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.8.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.2): Source: bind-9.7.3-8.P3.el6_2.5.src.rpm x86_64: bind-debuginfo-9.7.3-8.P3.el6_2.5.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.5.x86_64.rpm bind-devel-9.7.3-8.P3.el6_2.5.i686.rpm bind-devel-9.7.3-8.P3.el6_2.5.x86_64.rpm bind-sdb-9.7.3-8.P3.el6_2.5.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.4): Source: bind-9.8.2-0.17.rc1.el6_4.9.src.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.9.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.9.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.9.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.9.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.9.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 
6.5): Source: bind-9.8.2-0.23.rc1.el6_5.4.src.rpm x86_64: bind-debuginfo-9.8.2-0.23.rc1.el6_5.4.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm bind-devel-9.8.2-0.23.rc1.el6_5.4.i686.rpm bind-devel-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm bind-sdb-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 6.5): Source: bind-9.8.2-0.23.rc1.el6_5.4.src.rpm x86_64: bind-debuginfo-9.8.2-0.23.rc1.el6_5.4.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm bind-devel-9.8.2-0.23.rc1.el6_5.4.i686.rpm bind-devel-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm bind-sdb-9.8.2-0.23.rc1.el6_5.4.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.6): i386: bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.6.i686.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.6.i686.rpm ppc64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.ppc.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.ppc64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.6.ppc.rpm bind-devel-9.8.2-0.30.rc1.el6_6.6.ppc64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.6.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.s390.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.s390x.rpm bind-devel-9.8.2-0.30.rc1.el6_6.6.s390.rpm bind-devel-9.8.2-0.30.rc1.el6_6.6.s390x.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.6.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.6.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.6.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
6.7): i386: bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.8.i686.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.8.i686.rpm ppc64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.ppc.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.ppc64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.8.ppc.rpm bind-devel-9.8.2-0.37.rc1.el6_7.8.ppc64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.8.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.s390.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.s390x.rpm bind-devel-9.8.2-0.37.rc1.el6_7.8.s390.rpm bind-devel-9.8.2-0.37.rc1.el6_7.8.s390x.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.8.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.8.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-2776 https://access.redhat.com/security/cve/CVE-2016-2848 https://access.redhat.com/security/updates/classification/#important https://kb.isc.org/article/AA-01419 https://kb.isc.org/article/AA-01433 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
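A package list like the one above is only useful if you can tell whether the build installed on a host is at or beyond the fixed build for that host's stream (an AUS 6.2 host is fixed at 9.7.3-8.P3.el6_2.5, an EUS 6.7 host at 9.8.2-0.37.rc1.el6_7.8, and the two must not be compared with each other). The following is an added example, not part of the advisory and not Red Hat's tooling: a C reimplementation of the segment comparison rules rpm itself applies (digit runs compared numerically, letter runs lexically, a numeric segment newer than an alphabetic one, "~" sorting before anything including end of string, "^" sorting after end of string but before anything else), applied to epoch, then version, then release. The fixed builds in the sample are copied from the advisory; the "installed" builds and the epoch in the test are constructed for illustration. On a real host the installed version comes from `rpm -q bind`.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Segment-wise version comparison following rpm's rpmvercmp() rules.
 * Returns 1 if a is newer, -1 if b is newer, 0 if they compare equal. */
int rpmvercmp(const char *a, const char *b)
{
    if (strcmp(a, b) == 0) return 0;
    char *sa = strdup(a), *sb = strdup(b);
    char *one = sa, *two = sb;
    int rc = 0;

    while (*one || *two) {
        /* separators are skipped; '~' and '^' are significant */
        while (*one && !isalnum((unsigned char)*one) && *one != '~' && *one != '^') one++;
        while (*two && !isalnum((unsigned char)*two) && *two != '~' && *two != '^') two++;

        /* '~' (pre-release) sorts before everything, even end of string */
        if (*one == '~' || *two == '~') {
            if (*one != '~') { rc = 1; goto out; }
            if (*two != '~') { rc = -1; goto out; }
            one++; two++;
            continue;
        }
        /* '^' (post-release) sorts after end of string but before anything else */
        if (*one == '^' || *two == '^') {
            if (!*one) { rc = -1; goto out; }
            if (!*two) { rc = 1; goto out; }
            if (*one != '^') { rc = 1; goto out; }
            if (*two != '^') { rc = -1; goto out; }
            one++; two++;
            continue;
        }
        if (!(*one && *two)) break;

        /* cut the next all-digit or all-letter segment from each side */
        char *p1 = one, *p2 = two;
        int isnum = isdigit((unsigned char)*one);
        if (isnum) {
            while (isdigit((unsigned char)*p1)) p1++;
            while (isdigit((unsigned char)*p2)) p2++;
        } else {
            while (isalpha((unsigned char)*p1)) p1++;
            while (isalpha((unsigned char)*p2)) p2++;
        }
        char c1 = *p1, c2 = *p2;
        *p1 = '\0'; *p2 = '\0';

        /* segment kinds differ: numeric is newer than alphabetic */
        if (two == p2) { rc = isnum ? 1 : -1; goto out; }

        if (isnum) {
            while (*one == '0') one++;   /* drop leading zeros, then longer is larger */
            while (*two == '0') two++;
            size_t l1 = strlen(one), l2 = strlen(two);
            if (l1 != l2) { rc = l1 > l2 ? 1 : -1; goto out; }
        }
        rc = strcmp(one, two);
        if (rc) { rc = rc < 0 ? -1 : 1; goto out; }

        *p1 = c1; *p2 = c2;              /* equal segment: restore and advance */
        one = p1; two = p2;
    }
    /* one side ran out of segments: the longer one is newer */
    rc = (!*one && !*two) ? 0 : (*one ? 1 : -1);
out:
    free(sa); free(sb);
    return rc;
}

/* Split "[epoch:]version[-release]"; epoch defaults to "0", release to "". */
static void split_evr(const char *evr, char *epoch, char *ver, char *rel, size_t n)
{
    const char *v = evr;
    const char *colon = strchr(evr, ':');
    if (colon) { snprintf(epoch, n, "%.*s", (int)(colon - evr), evr); v = colon + 1; }
    else        snprintf(epoch, n, "0");
    const char *dash = strrchr(v, '-');
    if (dash) { snprintf(ver, n, "%.*s", (int)(dash - v), v); snprintf(rel, n, "%s", dash + 1); }
    else      { snprintf(ver, n, "%s", v); rel[0] = '\0'; }
}

/* Compare two EVR strings: epoch decides first, then version, then release. */
int evrcmp(const char *a, const char *b)
{
    char ea[128], va[128], ra[128], eb[128], vb[128], rb[128];
    split_evr(a, ea, va, ra, sizeof ea);
    split_evr(b, eb, vb, rb, sizeof eb);
    int rc = rpmvercmp(ea, eb);
    if (rc == 0) rc = rpmvercmp(va, vb);
    if (rc == 0) rc = rpmvercmp(ra, rb);
    return rc;
}

/* 1 if the installed build is older than the fixed build for the same stream. */
int needs_update(const char *installed_evr, const char *fixed_evr)
{
    return evrcmp(installed_evr, fixed_evr) < 0;
}

int main(void)
{
    /* constructed sample: fixed builds from the advisory, installed builds invented */
    struct { const char *stream, *installed, *fixed; } hosts[] = {
        { "RHEL 6.6 EUS", "9.8.2-0.30.rc1.el6_6.3", "9.8.2-0.30.rc1.el6_6.6" },
        { "RHEL 6.7 EUS", "9.8.2-0.37.rc1.el6_7.8", "9.8.2-0.37.rc1.el6_7.8" },
        { "RHEL 6.2 AUS", "9.7.3-8.P3.el6_2.4",     "9.7.3-8.P3.el6_2.5" },
    };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-12s installed %-24s fixed %-24s -> %s\n", hosts[i].stream,
               hosts[i].installed, hosts[i].fixed,
               needs_update(hosts[i].installed, hosts[i].fixed) ? "UPDATE" : "ok");
    return 0;
}
```

The comparison only says whether a build is older than the one you hand it; it has no idea which stream a host tracks, so always pair the installed EVR with the fixed build listed under that host's own product (AUS, EUS, TUS) rather than the highest version on the page.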
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYDyhNXlSAg2UNWIIRAg3OAKCZJF8wxwppm2XilkPQDl9JCxgrhACgguzk
k0FTD0rt6WeBXIEha9Bfv4s=
=miy+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 26 11:46:31 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 26 Oct 2016 11:46:31 +0000
Subject: [RHSA-2016:2105-01] Important: kernel security update
Message-ID: <201610261146.u9QBkW9m010634@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2016:2105-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2105.html
Issue date: 2016-10-25
CVE Names: CVE-2016-5195
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

Red Hat would like to thank Phil Oester for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-642.6.2.el6.src.rpm

i386:
kernel-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm
kernel-devel-2.6.32-642.6.2.el6.i686.rpm
kernel-headers-2.6.32-642.6.2.el6.i686.rpm
perf-2.6.32-642.6.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.6.2.el6.noarch.rpm
kernel-doc-2.6.32-642.6.2.el6.noarch.rpm
kernel-firmware-2.6.32-642.6.2.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debug-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-devel-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm
kernel-devel-2.6.32-642.6.2.el6.x86_64.rpm
kernel-headers-2.6.32-642.6.2.el6.x86_64.rpm
perf-2.6.32-642.6.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm
python-perf-2.6.32-642.6.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
python-perf-2.6.32-642.6.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-642.6.2.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.6.2.el6.noarch.rpm
kernel-doc-2.6.32-642.6.2.el6.noarch.rpm
kernel-firmware-2.6.32-642.6.2.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debug-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-devel-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm
kernel-devel-2.6.32-642.6.2.el6.x86_64.rpm
kernel-headers-2.6.32-642.6.2.el6.x86_64.rpm
perf-2.6.32-642.6.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
python-perf-2.6.32-642.6.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-642.6.2.el6.src.rpm

i386:
kernel-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm
kernel-devel-2.6.32-642.6.2.el6.i686.rpm
kernel-headers-2.6.32-642.6.2.el6.i686.rpm
perf-2.6.32-642.6.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.6.2.el6.noarch.rpm
kernel-doc-2.6.32-642.6.2.el6.noarch.rpm
kernel-firmware-2.6.32-642.6.2.el6.noarch.rpm

ppc64:
kernel-2.6.32-642.6.2.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-642.6.2.el6.ppc64.rpm
kernel-debug-2.6.32-642.6.2.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm
kernel-debug-devel-2.6.32-642.6.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-642.6.2.el6.ppc64.rpm
kernel-devel-2.6.32-642.6.2.el6.ppc64.rpm
kernel-headers-2.6.32-642.6.2.el6.ppc64.rpm
perf-2.6.32-642.6.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm

s390x:
kernel-2.6.32-642.6.2.el6.s390x.rpm
kernel-debug-2.6.32-642.6.2.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-642.6.2.el6.s390x.rpm
kernel-debug-devel-2.6.32-642.6.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-642.6.2.el6.s390x.rpm
kernel-devel-2.6.32-642.6.2.el6.s390x.rpm
kernel-headers-2.6.32-642.6.2.el6.s390x.rpm
kernel-kdump-2.6.32-642.6.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-642.6.2.el6.s390x.rpm
kernel-kdump-devel-2.6.32-642.6.2.el6.s390x.rpm
perf-2.6.32-642.6.2.el6.s390x.rpm
perf-debuginfo-2.6.32-642.6.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.s390x.rpm

x86_64:
kernel-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debug-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-devel-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm
kernel-devel-2.6.32-642.6.2.el6.x86_64.rpm
kernel-headers-2.6.32-642.6.2.el6.x86_64.rpm
perf-2.6.32-642.6.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm
python-perf-2.6.32-642.6.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-642.6.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm
python-perf-2.6.32-642.6.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-642.6.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-642.6.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-642.6.2.el6.s390x.rpm
perf-debuginfo-2.6.32-642.6.2.el6.s390x.rpm
python-perf-2.6.32-642.6.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
python-perf-2.6.32-642.6.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
kernel-2.6.32-642.6.2.el6.src.rpm

i386:
kernel-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm
kernel-devel-2.6.32-642.6.2.el6.i686.rpm
kernel-headers-2.6.32-642.6.2.el6.i686.rpm
perf-2.6.32-642.6.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.6.2.el6.noarch.rpm
kernel-doc-2.6.32-642.6.2.el6.noarch.rpm
kernel-firmware-2.6.32-642.6.2.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debug-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.6.2.el6.i686.rpm
kernel-debug-devel-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm
kernel-devel-2.6.32-642.6.2.el6.x86_64.rpm
kernel-headers-2.6.32-642.6.2.el6.x86_64.rpm
perf-2.6.32-642.6.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.6.2.el6.i686.rpm
perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm
python-perf-2.6.32-642.6.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.6.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm
python-perf-2.6.32-642.6.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.6.2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5195
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/2706661

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
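The flaw in this advisory is a race in how the kernel breaks copy-on-write for private read-only mappings. The program below is an added example, not part of the advisory and not Red Hat's or the kernel's code: it shows the guarantee the race subverts. A MAP_PRIVATE mapping of a file opened O_RDONLY may legally be mapped PROT_WRITE; on the first write the kernel must copy the page into a process-private anonymous page, so the write is visible through the mapping but never reaches the file. The program writes a constructed string to a temporary file, reopens it read-only, writes through a private mapping, and re-reads the file to confirm it is untouched. It does not attempt the race itself, which the advisory does not describe; its point is to make "COW breakage of a private read-only mapping" concrete and to give a harness for the semantics the fix restores. The temporary path under /tmp and the sample strings are assumptions.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Outcome of writing through a MAP_PRIVATE mapping of a read-only file. */
struct cow_result {
    int mapping_changed;  /* 1: the write is visible through this process's mapping */
    int file_changed;     /* 1: the write reached the file itself (must never happen) */
};

/* Write `original` to a temp file, reopen it read-only, map it MAP_PRIVATE with
 * PROT_WRITE, write `replacement` through the mapping, then re-read the file.
 * Returns 0 on success and fills *out; returns -1 on bad input or setup failure. */
int cow_roundtrip(const char *original, const char *replacement, struct cow_result *out)
{
    size_t len = strlen(original);
    if (len == 0 || strlen(replacement) > len || len > 4096) return -1;

    char path[] = "/tmp/cowdemo.XXXXXX";          /* assumed writable temp location */
    int wfd = mkstemp(path);
    if (wfd < 0) return -1;
    if (write(wfd, original, len) != (ssize_t)len) { close(wfd); unlink(path); return -1; }
    close(wfd);

    /* Open read-only, as a victim such as a setuid binary would be to an unprivileged user. */
    int fd = open(path, O_RDONLY);
    unlink(path);                                  /* drop the name; fd keeps the inode */
    if (fd < 0) return -1;

    /* A private writable mapping of a read-only fd is allowed: the kernel promises
     * that writes break COW into a per-process copy instead of the page cache. */
    char *map = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) { close(fd); return -1; }

    volatile char first = map[0];                  /* read fault: share the page cache page */
    (void)first;
    memcpy(map, replacement, strlen(replacement)); /* write fault: COW break into a private page */

    char buf[4096];
    ssize_t n = pread(fd, buf, len, 0);            /* what the file holds after the write */
    out->mapping_changed = memcmp(map, original, len) != 0;
    out->file_changed = (n != (ssize_t)len) || memcmp(buf, original, len) != 0;

    munmap(map, len);
    close(fd);
    return 0;
}

int main(void)
{
    struct cow_result r;
    if (cow_roundtrip("original file contents", "OVERWRITTEN", &r) != 0) {
        perror("cow_roundtrip");
        return 1;
    }
    printf("mapping changed: %d (expected 1)\n", r.mapping_changed);
    printf("file changed:    %d (expected 0)\n", r.file_changed);
    return r.file_changed ? 2 : 0;
}
```

On any correctly behaving kernel the second line reads 0: the write stays in the process's private copy. The advisory's race is exactly a path by which that private copy is discarded and the write lands on the page cache page backing the read-only file.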
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD4DBQFYEJcBXlSAg2UNWIIRAiWLAKCCzQq/hlgGpFbZwm1VmGEtsf8qbwCYhOVp
coEi7YBOAF6JIj/7g1jNNg==
=enSu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 26 11:47:16 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 26 Oct 2016 11:47:16 +0000
Subject: [RHSA-2016:2106-01] Important: kernel security update
Message-ID: <201610261147.u9QBlGmr021660@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2016:2106-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2106.html
Issue date: 2016-10-26
CVE Names: CVE-2016-5195
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

Red Hat would like to thank Phil Oester for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
kernel-2.6.32-573.35.2.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.35.2.el6.noarch.rpm
kernel-doc-2.6.32-573.35.2.el6.noarch.rpm
kernel-firmware-2.6.32-573.35.2.el6.noarch.rpm

x86_64:
kernel-2.6.32-573.35.2.el6.x86_64.rpm
kernel-debug-2.6.32-573.35.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.35.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.35.2.el6.i686.rpm
kernel-debug-devel-2.6.32-573.35.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.35.2.el6.i686.rpm
kernel-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.35.2.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.35.2.el6.x86_64.rpm
kernel-devel-2.6.32-573.35.2.el6.x86_64.rpm
kernel-headers-2.6.32-573.35.2.el6.x86_64.rpm
perf-2.6.32-573.35.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.35.2.el6.i686.rpm
perf-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.35.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
kernel-debug-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.35.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm
python-perf-2.6.32-573.35.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
kernel-2.6.32-573.35.2.el6.src.rpm

i386:
kernel-2.6.32-573.35.2.el6.i686.rpm
kernel-debug-2.6.32-573.35.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.35.2.el6.i686.rpm
kernel-debug-devel-2.6.32-573.35.2.el6.i686.rpm
kernel-debuginfo-2.6.32-573.35.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.35.2.el6.i686.rpm
kernel-devel-2.6.32-573.35.2.el6.i686.rpm
kernel-headers-2.6.32-573.35.2.el6.i686.rpm
perf-2.6.32-573.35.2.el6.i686.rpm
perf-debuginfo-2.6.32-573.35.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.35.2.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.35.2.el6.noarch.rpm
kernel-doc-2.6.32-573.35.2.el6.noarch.rpm
kernel-firmware-2.6.32-573.35.2.el6.noarch.rpm

ppc64:
kernel-2.6.32-573.35.2.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-573.35.2.el6.ppc64.rpm
kernel-debug-2.6.32-573.35.2.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-573.35.2.el6.ppc64.rpm
kernel-debug-devel-2.6.32-573.35.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.35.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.35.2.el6.ppc64.rpm
kernel-devel-2.6.32-573.35.2.el6.ppc64.rpm
kernel-headers-2.6.32-573.35.2.el6.ppc64.rpm
perf-2.6.32-573.35.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.35.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.35.2.el6.ppc64.rpm

s390x:
kernel-2.6.32-573.35.2.el6.s390x.rpm
kernel-debug-2.6.32-573.35.2.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-573.35.2.el6.s390x.rpm
kernel-debug-devel-2.6.32-573.35.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.35.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.35.2.el6.s390x.rpm
kernel-devel-2.6.32-573.35.2.el6.s390x.rpm
kernel-headers-2.6.32-573.35.2.el6.s390x.rpm
kernel-kdump-2.6.32-573.35.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.35.2.el6.s390x.rpm
kernel-kdump-devel-2.6.32-573.35.2.el6.s390x.rpm
perf-2.6.32-573.35.2.el6.s390x.rpm
perf-debuginfo-2.6.32-573.35.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.35.2.el6.s390x.rpm

x86_64:
kernel-2.6.32-573.35.2.el6.x86_64.rpm
kernel-debug-2.6.32-573.35.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.35.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.35.2.el6.i686.rpm
kernel-debug-devel-2.6.32-573.35.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.35.2.el6.i686.rpm
kernel-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.35.2.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.35.2.el6.x86_64.rpm
kernel-devel-2.6.32-573.35.2.el6.x86_64.rpm
kernel-headers-2.6.32-573.35.2.el6.x86_64.rpm
perf-2.6.32-573.35.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.35.2.el6.i686.rpm
perf-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.35.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

i386:
kernel-debug-debuginfo-2.6.32-573.35.2.el6.i686.rpm
kernel-debuginfo-2.6.32-573.35.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.35.2.el6.i686.rpm
perf-debuginfo-2.6.32-573.35.2.el6.i686.rpm
python-perf-2.6.32-573.35.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.35.2.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-573.35.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.35.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.35.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.35.2.el6.ppc64.rpm
python-perf-2.6.32-573.35.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.35.2.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-573.35.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.35.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.35.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.35.2.el6.s390x.rpm
perf-debuginfo-2.6.32-573.35.2.el6.s390x.rpm
python-perf-2.6.32-573.35.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.35.2.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.35.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm
python-perf-2.6.32-573.35.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.35.2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5195
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/2706661

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYEJemXlSAg2UNWIIRAmnDAJ9O3ENA4lZP+ian4yAW7IGWnMnuVQCffsKj
2RheHKmaY7gV1rnxqb+WSxM=
=uZjE
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 26 11:51:01 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 26 Oct 2016 11:51:01 +0000
Subject: [RHSA-2016:2107-01] Important: kernel-rt security update
Message-ID: <201610261151.u9QBp1nw019707@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security update
Advisory ID: RHSA-2016:2107-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2107.html
Issue date: 2016-10-26
CVE Names: CVE-2016-5195 CVE-2016-7039
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

* A Linux kernel built with 802.1Q/802.1ad VLAN support (CONFIG_VLAN_8021Q) or Virtual eXtensible Local Area Network support (CONFIG_VXLAN) with Transparent Ethernet Bridging (TEB) GRO support is vulnerable to a kernel stack overflow. It can occur while receiving large packets via the GRO path, as unbounded recursion can unfold in both the VLAN and TEB modules, leading to stack corruption in the kernel. (CVE-2016-7039, Important)

Red Hat would like to thank Phil Oester for reporting CVE-2016-5195.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375944 - CVE-2016-7039 kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash
1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.0-327.rt56.198.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.0-327.rt56.198.el6rt.noarch.rpm
kernel-rt-firmware-3.10.0-327.rt56.198.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-debug-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-devel-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-trace-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.0-327.rt56.198.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5195
https://access.redhat.com/security/cve/CVE-2016-7039
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/2706661

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYEJhHXlSAg2UNWIIRAhVFAKCOr9hFKmULw40HLTysdp3q1tG6FgCfQre/
yP8nUMzPBpidyfLW+n4BhSQ=
=dxF5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 26 12:34:05 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 26 Oct 2016 12:34:05 +0000
Subject: [RHSA-2016:2110-01] Important: kernel-rt security update
Message-ID: <201610261233.u9QCXwvo012997@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security update
Advisory ID: RHSA-2016:2110-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2110.html
Issue date: 2016-10-26
CVE Names: CVE-2016-5195 CVE-2016-7039
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

* A Linux kernel built with 802.1Q/802.1ad VLAN support (CONFIG_VLAN_8021Q) or Virtual eXtensible Local Area Network support (CONFIG_VXLAN) with Transparent Ethernet Bridging (TEB) GRO support is vulnerable to a kernel stack overflow. It can occur while receiving large packets via the GRO path, as unbounded recursion can unfold in both the VLAN and TEB modules, leading to stack corruption in the kernel. (CVE-2016-7039, Important)

Red Hat would like to thank Phil Oester for reporting CVE-2016-5195.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375944 - CVE-2016-7039 kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash
1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v.
7): Source: kernel-rt-3.10.0-327.36.3.rt56.238.el7.src.rpm noarch: kernel-rt-doc-3.10.0-327.36.3.rt56.238.el7.noarch.rpm x86_64: kernel-rt-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-debug-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-debug-kvm-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-debug-kvm-debuginfo-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-devel-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-kvm-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-kvm-debuginfo-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-trace-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-trace-kvm-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-trace-kvm-debuginfo-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm Red Hat Enterprise Linux Realtime (v. 7): Source: kernel-rt-3.10.0-327.36.3.rt56.238.el7.src.rpm noarch: kernel-rt-doc-3.10.0-327.36.3.rt56.238.el7.noarch.rpm x86_64: kernel-rt-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-debug-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-devel-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-trace-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. 
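The package list above is what an administrator compares an installed host against. The following Python is an added example, not Red Hat's tooling: it implements rpm's version-comparison rules (rpmvercmp) and decides, for each installed kernel-rt package, whether it is at or above the fixed build from this advisory. The fixed builds are copied from the Realtime (v. 7) list above (only three of them, to keep the block short); the inventory lines are constructed in the shape `rpm -qa 'kernel-rt*'` prints and are not real host output. Epoch is assumed to be 0 on both sides.

```python
import re

# Fixed builds copied from the RHSA-2016:2110 package list above
# (Red Hat Enterprise Linux Realtime v. 7); three of the listed packages suffice here.
FIXED_PACKAGES = [
    "kernel-rt-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm",
    "kernel-rt-devel-3.10.0-327.36.3.rt56.238.el7.x86_64.rpm",
    "kernel-rt-doc-3.10.0-327.36.3.rt56.238.el7.noarch.rpm",
]

# Constructed inventory in the shape `rpm -qa 'kernel-rt*'` prints (name-version-release.arch).
# Not real host output: one older build, one already updated, one not in the fixed set above.
SAMPLE_INVENTORY = """\
kernel-rt-3.10.0-327.36.1.rt56.237.el7.x86_64
kernel-rt-devel-3.10.0-327.36.3.rt56.238.el7.x86_64
kernel-rt-trace-3.10.0-327.36.1.rt56.237.el7.x86_64
"""

_DIGITS = re.compile(r"[0-9]+")
_ALPHA = re.compile(r"[A-Za-z]+")


def _is_token_char(c):
    return c == "~" or "0" <= c <= "9" or "a" <= c <= "z" or "A" <= c <= "Z"


def rpmvercmp(a, b):
    """Compare two version or release strings like rpm's rpmvercmp(); returns -1, 0 or 1.
    Runs of digits compare numerically (leading zeros ignored), runs of letters as strings,
    a numeric run is newer than an alphabetic one, and '~' sorts before everything,
    including end of string (so 1.0~rc1 < 1.0)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not _is_token_char(a[i]):   # skip separators such as '.' or '-'
            i += 1
        while j < len(b) and not _is_token_char(b[j]):
            j += 1
        a_tilde = i < len(a) and a[i] == "~"
        b_tilde = j < len(b) and b[j] == "~"
        if a_tilde or b_tilde:
            if not a_tilde:
                return 1
            if not b_tilde:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        pattern = _DIGITS if a[i].isdigit() else _ALPHA   # run type is chosen by the left side
        seg_a = pattern.match(a, i).group(0)
        match_b = pattern.match(b, j)
        if match_b is None:                                # mismatched run types: numeric side is newer
            return 1 if pattern is _DIGITS else -1
        seg_b = match_b.group(0)
        i, j = i + len(seg_a), j + len(seg_b)
        if pattern is _DIGITS:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1                        # leftover segments make that side newer


def parse_nvra(package):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch).
    Splits from the right because names contain dashes themselves (kernel-rt-devel)."""
    if package.endswith(".rpm"):
        package = package[:-4]
    nvr, _, arch = package.rpartition(".")
    nv, _, release = nvr.rpartition("-")
    name, _, version = nv.rpartition("-")
    if not (name and version and release and arch):
        raise ValueError(f"not a name-version-release.arch string: {package!r}")
    return name, version, release, arch


def compare_vr(installed_vr, fixed_vr):
    """Version decides, release breaks ties; epoch assumed 0 (kernel-rt carries none)."""
    return rpmvercmp(installed_vr[0], fixed_vr[0]) or rpmvercmp(installed_vr[1], fixed_vr[1])


def audit(inventory_text, fixed_packages):
    """Map each installed package to 'fixed', 'vulnerable' or 'not-covered' by comparing it
    with the advisory build of the same name and architecture."""
    fixed = {}
    for filename in fixed_packages:
        name, version, release, arch = parse_nvra(filename)
        fixed[(name, arch)] = (version, release)
    verdicts = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, version, release, arch = parse_nvra(line)
        target = fixed.get((name, arch))
        if target is None:
            verdicts[line] = "not-covered"
        else:
            verdicts[line] = "fixed" if compare_vr((version, release), target) >= 0 else "vulnerable"
    return verdicts


if __name__ == "__main__":
    for package, verdict in audit(SAMPLE_INVENTORY, FIXED_PACKAGES).items():
        print(f"{verdict:12s} {package}")
```

Two caveats that the advisory itself states apply to any such check: an installed fixed package is not enough for the kernel, since the system has to be rebooted before `uname -r` reports the fixed build, and the packages should be verified against Red Hat's key (`rpm --checksig` on the downloaded files) before installation rather than trusted on name alone.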
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5195
https://access.redhat.com/security/cve/CVE-2016-7039
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/2706661

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYEKKsXlSAg2UNWIIRAmI+AJkB5tkOU2r9pjWJ4cYCSD9mtyJFBwCgt+er
yvfTfHwrbVXZfa/y1n2XeMs=
=LaOt
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 26 18:59:21 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 26 Oct 2016 18:59:21 +0000
Subject: [RHSA-2016:2115-01] Moderate: openstack-manila-ui security update
Message-ID: <201610261859.u9QIxLaW003377@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openstack-manila-ui security update
Advisory ID: RHSA-2016:2115-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2115.html
Issue date: 2016-10-26
CVE Names: CVE-2016-6519
=====================================================================

1. Summary:

An update for openstack-manila-ui is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - noarch

3. Description:

OpenStack's File Share Service (manila) provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service.

Security Fix(es):

* A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges. (CVE-2016-6519)

Red Hat would like to thank SUSE for reporting this issue. SUSE acknowledges Niklaus Schiess as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1375147 - CVE-2016-6519 openstack-manila-ui: persistent XSS in metadata field

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7:

Source:
openstack-manila-ui-1.0.1-3.el7ost.src.rpm

noarch:
openstack-manila-ui-1.0.1-3.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6519
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYEPzpXlSAg2UNWIIRAmVYAJ9rj/ty/eMUK9pTTln8OCrjBMHdsgCeKmI5
c7nxiCTm2a5dja1SBakdI4M=
=48PD
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 26 19:00:14 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 26 Oct 2016 19:00:14 +0000
Subject: [RHSA-2016:2116-01] Moderate: openstack-manila-ui security update
Message-ID: <201610261900.u9QJ0Em8010775@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openstack-manila-ui security update
Advisory ID: RHSA-2016:2116-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2116.html
Issue date: 2016-10-26
CVE Names: CVE-2016-6519
=====================================================================

1. Summary:

An update for openstack-manila-ui is now available for Red Hat OpenStack Platform 8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 8.0 (Liberty) - noarch

3. Description:

OpenStack's File Share Service (manila) provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service.

Security Fix(es):

* A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges. (CVE-2016-6519)

Red Hat would like to thank SUSE for reporting this issue. SUSE acknowledges Niklaus Schiess as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1375147 - CVE-2016-6519 openstack-manila-ui: persistent XSS in metadata field

6. Package List:

Red Hat OpenStack Platform 8.0 (Liberty):

Source:
openstack-manila-ui-1.2.0-2.el7ost.src.rpm

noarch:
openstack-manila-ui-1.2.0-2.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6519
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYEP0UXlSAg2UNWIIRAnWsAJ9V66l6+8TKX+1iMe2PH+uuIeV6TgCaAlC4
l0xWG+JmZ1jRSCM0N4MKr3w=
=djVF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 26 19:00:41 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 26 Oct 2016 19:00:41 +0000
Subject: [RHSA-2016:2117-01] Moderate: openstack-manila-ui security update
Message-ID: <201610261900.u9QJ0gaN023034@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openstack-manila-ui security update
Advisory ID: RHSA-2016:2117-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2117.html
Issue date: 2016-10-26
CVE Names: CVE-2016-6519
=====================================================================

1. Summary:

An update for openstack-manila-ui is now available for Red Hat OpenStack Platform 9.0 (Mitaka).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 9.0 - noarch

3. Description:

OpenStack's File Share Service (manila) provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service.

Security Fix(es):

* A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges. (CVE-2016-6519)

Red Hat would like to thank SUSE for reporting this issue. SUSE acknowledges Niklaus Schiess as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1375147 - CVE-2016-6519 openstack-manila-ui: persistent XSS in metadata field

6. Package List:

Red Hat OpenStack Platform 9.0:

Source:
openstack-manila-ui-2.1.0-2.el7ost.src.rpm

noarch:
openstack-manila-ui-2.1.0-2.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6519
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
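The three openstack-manila-ui advisories above (RHSA-2016:2115, 2116 and 2117) describe the same bug class: a metadata value entered in the "Create Share" form is stored and later placed into the "Shares" overview without escaping. The Python below is an added illustration, not code from openstack-manila-ui or Horizon; the table markup is a minimal stand-in for the real dashboard template, and the metadata dictionary is constructed (its script tag is a visible marker, not an exploit). It shows the unescaped rendering next to the escaped one and a parser-based check that the rendered table never contains any element other than table, tr and td, which is the regression test a defender would keep for this class of flaw.

```python
import html
from html.parser import HTMLParser

# Constructed metadata as a tenant might submit it through the "Create Share" form.
# The second value carries a script tag so the two renderers visibly differ.
SAMPLE_METADATA = {
    "owner": "team-a",
    "note": "<script>alert(1)</script>",
}

ALLOWED_ELEMENTS = {"table", "tr", "td"}


def render_metadata_vulnerable(metadata):
    """Stand-in for the flawed behaviour (assumed markup, not the plugin's template):
    stored values are concatenated into the Shares overview unchanged, so markup
    in a value becomes markup on the page."""
    rows = "".join(f"<tr><td>{key}</td><td>{value}</td></tr>" for key, value in metadata.items())
    return f"<table>{rows}</table>"


def render_metadata_escaped(metadata):
    """Hardened form: every key and value is HTML-escaped, quotes included, before it is
    placed in the document, so user input is displayed as text only."""
    rows = "".join(
        f"<tr><td>{html.escape(str(key), quote=True)}</td>"
        f"<td>{html.escape(str(value), quote=True)}</td></tr>"
        for key, value in metadata.items()
    )
    return f"<table>{rows}</table>"


class _TagCollector(HTMLParser):
    """Records every start tag a browser-side parser would see in the document."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def element_names(document):
    """Return the element names present in rendered HTML, in document order."""
    collector = _TagCollector()
    collector.feed(document)
    collector.close()
    return collector.tags


def is_safely_rendered(document):
    """True when nothing outside the table structure reached the output, whatever
    the stored metadata contained."""
    return set(element_names(document)) <= ALLOWED_ELEMENTS


if __name__ == "__main__":
    for label, renderer in (("vulnerable", render_metadata_vulnerable),
                            ("escaped", render_metadata_escaped)):
        document = renderer(SAMPLE_METADATA)
        print(f"{label}: safe={is_safely_rendered(document)} elements={element_names(document)}")
```

Template engines used by dashboards of this kind perform the same escaping automatically; the bug class appears when a value is marked safe or concatenated outside the template, which is why the check is written against the final HTML rather than against the code path that produced it.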
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYEP1HXlSAg2UNWIIRAifpAJ9HIe3OGxk1eDXVz82Ui16g2rbGRwCfYkTm iprhL47zImWgmoi3AXsMUb0= =4qz1 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 26 19:08:39 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 26 Oct 2016 19:08:39 +0000 Subject: [RHSA-2016:2118-01] Important: kernel security update Message-ID: <201610261908.u9QJ8eYM023663@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2016:2118-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2118.html Issue date: 2016-10-26 CVE Names: CVE-2016-5195 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. 
An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) Red Hat would like to thank Phil Oester for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.1): Source: kernel-3.10.0-229.42.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.42.2.el7.noarch.rpm kernel-doc-3.10.0-229.42.2.el7.noarch.rpm x86_64: kernel-3.10.0-229.42.2.el7.x86_64.rpm kernel-debug-3.10.0-229.42.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.42.2.el7.x86_64.rpm kernel-devel-3.10.0-229.42.2.el7.x86_64.rpm kernel-headers-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.42.2.el7.x86_64.rpm perf-3.10.0-229.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 
7.1): x86_64: kernel-debug-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm python-perf-3.10.0-229.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: kernel-3.10.0-229.42.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.42.2.el7.noarch.rpm kernel-doc-3.10.0-229.42.2.el7.noarch.rpm ppc64: kernel-3.10.0-229.42.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-229.42.2.el7.ppc64.rpm kernel-debug-3.10.0-229.42.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-229.42.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.42.2.el7.ppc64.rpm kernel-devel-3.10.0-229.42.2.el7.ppc64.rpm kernel-headers-3.10.0-229.42.2.el7.ppc64.rpm kernel-tools-3.10.0-229.42.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-229.42.2.el7.ppc64.rpm perf-3.10.0-229.42.2.el7.ppc64.rpm perf-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm s390x: kernel-3.10.0-229.42.2.el7.s390x.rpm kernel-debug-3.10.0-229.42.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-229.42.2.el7.s390x.rpm kernel-debug-devel-3.10.0-229.42.2.el7.s390x.rpm kernel-debuginfo-3.10.0-229.42.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.42.2.el7.s390x.rpm kernel-devel-3.10.0-229.42.2.el7.s390x.rpm kernel-headers-3.10.0-229.42.2.el7.s390x.rpm kernel-kdump-3.10.0-229.42.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.42.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-229.42.2.el7.s390x.rpm perf-3.10.0-229.42.2.el7.s390x.rpm perf-debuginfo-3.10.0-229.42.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.s390x.rpm x86_64: 
kernel-3.10.0-229.42.2.el7.x86_64.rpm kernel-debug-3.10.0-229.42.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.42.2.el7.x86_64.rpm kernel-devel-3.10.0-229.42.2.el7.x86_64.rpm kernel-headers-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.42.2.el7.x86_64.rpm perf-3.10.0-229.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: kernel-3.10.0-229.42.2.ael7b.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.42.2.ael7b.noarch.rpm kernel-doc-3.10.0-229.42.2.ael7b.noarch.rpm ppc64le: kernel-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-bootwrapper-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-debug-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-debug-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-devel-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-headers-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-tools-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-tools-libs-3.10.0-229.42.2.ael7b.ppc64le.rpm perf-3.10.0-229.42.2.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
7.1): ppc64: kernel-debug-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.42.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-229.42.2.el7.ppc64.rpm perf-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm python-perf-3.10.0-229.42.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm s390x: kernel-debug-debuginfo-3.10.0-229.42.2.el7.s390x.rpm kernel-debuginfo-3.10.0-229.42.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.42.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.42.2.el7.s390x.rpm perf-debuginfo-3.10.0-229.42.2.el7.s390x.rpm python-perf-3.10.0-229.42.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.s390x.rpm x86_64: kernel-debug-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm python-perf-3.10.0-229.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.1): ppc64le: kernel-debug-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-debug-devel-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-tools-libs-devel-3.10.0-229.42.2.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm python-perf-3.10.0-229.42.2.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-5195 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/2706661 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYEP8eXlSAg2UNWIIRAo3nAJkBIY478UiXZN8llmLyDhRMEfES8ACeLMDw IlHiVaIgenYimWedWzqU0Fk= =i9jP -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Oct 27 04:22:17 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 27 Oct 2016 04:22:17 +0000 Subject: [RHSA-2016:2119-01] Critical: flash-plugin security update Message-ID: <201610270422.u9R4MHaL028179@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:2119-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2119.html Issue date: 2016-10-27 CVE Names: CVE-2016-7855 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 
6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.643. Security Fix(es): * This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-7855) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1389033 - CVE-2016-7855 flash-plugin: user-after-free issues fixed in APSB16-36 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.643-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.643-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.643-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.643-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.643-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.643-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.643-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.643-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.643-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.643-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-7855 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-36.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYEYC8XlSAg2UNWIIRAujcAJ4rwkEsQoV/2/hgukzk4/GrZnOvLwCfanjg NxNfj9hHumBa5/VNbb0j74c= =95Yr -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Oct 27 09:19:45 2016 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 27 Oct 2016 09:19:45 +0000 Subject: [RHSA-2016:2120-01] Important: kernel security update Message-ID: <201610270919.u9R9JaF0021850@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2016:2120-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2120.html Issue date: 2016-10-27 CVE Names: CVE-2016-5195 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 6.5) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.5) - noarch, x86_64 3. 
Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

Red Hat would like to thank Phil Oester for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
kernel-2.6.32-431.75.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.75.1.el6.noarch.rpm
kernel-doc-2.6.32-431.75.1.el6.noarch.rpm
kernel-firmware-2.6.32-431.75.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-431.75.1.el6.x86_64.rpm
kernel-debug-2.6.32-431.75.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.75.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.75.1.el6.x86_64.rpm
kernel-devel-2.6.32-431.75.1.el6.x86_64.rpm
kernel-headers-2.6.32-431.75.1.el6.x86_64.rpm
perf-2.6.32-431.75.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.5):

Source:
kernel-2.6.32-431.75.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.75.1.el6.noarch.rpm
kernel-doc-2.6.32-431.75.1.el6.noarch.rpm
kernel-firmware-2.6.32-431.75.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-431.75.1.el6.x86_64.rpm
kernel-debug-2.6.32-431.75.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.75.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.75.1.el6.x86_64.rpm
kernel-devel-2.6.32-431.75.1.el6.x86_64.rpm
kernel-headers-2.6.32-431.75.1.el6.x86_64.rpm
perf-2.6.32-431.75.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source:
kernel-2.6.32-431.75.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.75.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
python-perf-2.6.32-431.75.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.5):

Source:
kernel-2.6.32-431.75.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.75.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
python-perf-2.6.32-431.75.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5195
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/2706661

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYEcadXlSAg2UNWIIRApaQAKC+3ji01JFJQRL3eiuf2KjdfWsHFACeOTzI
zDGZGJupVIu4rviID2pAIyQ=
=jXhF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 27 17:16:29 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 27 Oct 2016 17:16:29 +0000
Subject: [RHSA-2016:2101-01] Moderate: nodejs and nodejs-tough-cookie security, bug fix, and enhancement update
Message-ID: <201610271716.u9RHGUjB024975@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: nodejs and nodejs-tough-cookie security, bug fix, and enhancement update
Advisory ID: RHSA-2016:2101-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2016:2101
Issue date: 2016-10-27
CVE Names: CVE-2016-1000232 CVE-2016-5325
=====================================================================

1. Summary:

An update for nodejs-tough-cookie and nodejs is now available for Red Hat OpenShift Container Platform 3.1, 3.2, and 3.3.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 3.3 - noarch, x86_64
Red Hat OpenShift Enterprise 3.1 - noarch, x86_64
Red Hat OpenShift Enterprise 3.2 - noarch, x86_64

3. Description:

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Security Fix(es):

* A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Tough-Cookie parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU. (CVE-2016-1000232)

* It was found that the reason argument in ServerResponse#writeHead() was not properly validated. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request. (CVE-2016-5325)

This advisory contains the RPM packages for this release. See the following advisory for the container image fixes for this release:

https://access.redhat.com/errata/RHBA-2016:2100

4. Solution:

For details on how to apply this update in OpenShift Container Platform 3, see the Solution section of the following advisory:

https://access.redhat.com/errata/RHBA-2016:2100

5. Bugs fixed (https://bugzilla.redhat.com/):

1346910 - CVE-2016-5325 nodejs: reason argument in ServerResponse#writeHead() not properly validated
1359818 - CVE-2016-1000232 nodejs-tough-cookie: regular expression DoS via Cookie header with many semicolons
1382854 - [3.1,3.2,3.3] nodejs rpm updates for logging-auth-proxy

6.
Package List:

Red Hat OpenShift Enterprise 3.1:

Source:
nodejs-0.10.47-2.el7.src.rpm
nodejs-tough-cookie-2.3.1-1.el7.src.rpm

noarch:
nodejs-docs-0.10.47-2.el7.noarch.rpm
nodejs-tough-cookie-2.3.1-1.el7.noarch.rpm

x86_64:
nodejs-0.10.47-2.el7.x86_64.rpm
nodejs-debuginfo-0.10.47-2.el7.x86_64.rpm
nodejs-devel-0.10.47-2.el7.x86_64.rpm

Red Hat OpenShift Enterprise 3.2:

Source:
nodejs-0.10.47-2.el7.src.rpm
nodejs-tough-cookie-2.3.1-1.el7.src.rpm

noarch:
nodejs-docs-0.10.47-2.el7.noarch.rpm
nodejs-tough-cookie-2.3.1-1.el7.noarch.rpm

x86_64:
nodejs-0.10.47-2.el7.x86_64.rpm
nodejs-debuginfo-0.10.47-2.el7.x86_64.rpm
nodejs-devel-0.10.47-2.el7.x86_64.rpm

Red Hat OpenShift Container Platform 3.3:

Source:
nodejs-0.10.47-2.el7.src.rpm
nodejs-tough-cookie-2.3.1-1.el7.src.rpm

noarch:
nodejs-docs-0.10.47-2.el7.noarch.rpm
nodejs-tough-cookie-2.3.1-1.el7.noarch.rpm

x86_64:
nodejs-0.10.47-2.el7.x86_64.rpm
nodejs-debuginfo-0.10.47-2.el7.x86_64.rpm
nodejs-devel-0.10.47-2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1000232
https://access.redhat.com/security/cve/CVE-2016-5325
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
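The CVE-2016-5325 item in RHSA-2016:2101 above is the classic response-splitting shape: a status-line writer copies an untrusted reason phrase into the wire bytes without checking it for CR or LF, so a request value that the application echoes into the reason can terminate the status line and append headers of the attacker's choosing. The following Python is an added illustration of that bug class, not Node.js code and not anything shipped in the nodejs RPMs: write_head_unchecked() stands in for a writeHead() that trusts its reason argument, reason_is_safe() and write_head_checked() apply the check such a fix needs (reject CR, LF and the other control characters that RFC 7230 excludes from reason-phrase), and parse_head() reads the result back the way a lenient client would so the injected header is visible. The function names, the attacker string and the application headers are constructed for this example.

```python
"""HTTP response splitting through an unchecked reason phrase, and the check that
stops it. Added illustration of the CVE-2016-5325 bug class; not Node.js code.
Function names and sample inputs are this example's own."""

CRLF = "\r\n"


def write_head_unchecked(status, reason, headers):
    """Serialize a response head while trusting `reason` blindly (the vulnerable shape)."""
    lines = ["HTTP/1.1 %d %s" % (status, reason)]
    lines += ["%s: %s" % (name, value) for name, value in headers]
    return CRLF.join(lines) + CRLF + CRLF


def reason_is_safe(reason):
    """True when `reason` cannot end the status line or start a header.

    RFC 7230 limits reason-phrase to HTAB, SP, VCHAR and obs-text, so CR, LF,
    NUL, the other C0 controls and DEL are all rejected here."""
    for ch in reason:
        code = ord(ch)
        if ch != "\t" and (code < 0x20 or code == 0x7F):
            return False
    return True


def write_head_checked(status, reason, headers):
    """Same serializer, refusing a reason phrase that could split the response."""
    if not 100 <= status <= 999:
        raise ValueError("status code out of range")
    if not reason_is_safe(reason):
        raise ValueError("invalid character in reason phrase")
    return write_head_unchecked(status, reason, headers)


def parse_head(raw):
    """Read a head back as a lenient client would: (status line, {header: value})."""
    head = raw.split(CRLF + CRLF, 1)[0]
    status_line, *header_lines = head.split(CRLF)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_line, headers


# Constructed attacker input: a request value the application echoes into the
# reason phrase. The embedded CRLFs end the real status line early and smuggle
# in attacker-chosen headers; the application's own headers follow them.
ATTACKER_REASON = "OK\r\nSet-Cookie: session=attacker-chosen\r\nX-Injected: yes"
APP_HEADERS = [("Content-Type", "text/html"), ("Content-Length", "0")]


def demo_unchecked():
    """Headers a client sees when the unchecked writer is fed ATTACKER_REASON."""
    return parse_head(write_head_unchecked(200, ATTACKER_REASON, APP_HEADERS))


def demo_checked():
    """True when the checked writer refuses ATTACKER_REASON."""
    try:
        write_head_checked(200, ATTACKER_REASON, APP_HEADERS)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    status_line, headers = demo_unchecked()
    print(status_line)                 # HTTP/1.1 200 OK  (the rest of the reason became headers)
    print(headers["set-cookie"])       # session=attacker-chosen
    print("checked writer refuses it:", demo_checked())
```

The same check belongs on header values, not only on the reason phrase: any field the application fills from request data is a splitting point if CR or LF can reach the serializer.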
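Every advisory in this digest names the fixed build per product stream, and the operational question on each host is whether the installed build is at or above it. Two things go wrong when that is done casually. Lexical comparison misorders releases (431.9 sorts above 431.75 as text, and a ~rc pre-release sorts above the final build), and even a correct RPM comparison says nothing across streams: the RHEL 6.6 EUS kernel (2.6.32-504.x, fixed in RHSA-2016:2128 at 504.54.1) sorts above the RHEL 6.5 AUS fixed build 2.6.32-431.75.1 from RHSA-2016:2120, yet a 504.30.x build is still vulnerable. The Python below is an added example, not Red Hat tooling: it re-implements rpm's rpmvercmp() ordering (tilde included, the newer caret operator left out), parses NEVRA strings as rpm -q prints them, and looks the fixed build up by package, dist tag and frozen release prefix using the NVRs printed in the kernel and nodejs advisories in this digest. The FIXED table, the stream-prefix heuristic and the sample installed builds are this example's own assumptions.

```python
"""Is an installed RPM at or above the fixed build an advisory names?
Added example, not Red Hat tooling. rpmvercmp() follows rpm's segment ordering
(tilde supported, the newer '^' operator omitted). FIXED holds the fixed builds
from the kernel and nodejs advisories in this digest; its stream column is this
example's own heuristic (first release segment of a frozen AUS/EUS/Long Life
stream, None where the first segment moves from update to update)."""
import re
import string

_ALNUM = set(string.ascii_letters + string.digits)

def rpmvercmp(a, b):
    """-1, 0 or 1 as rpm orders version/release strings: digit runs numerically
    (leading zeros dropped), letter runs as strings, digits beat letters, '~'
    sorts before everything including end of string, separators are ignored."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and a[i] not in _ALNUM and a[i] != "~":
            i += 1
        while j < len(b) and b[j] not in _ALNUM and b[j] != "~":
            j += 1
        tilde_a, tilde_b = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if tilde_a or tilde_b:
            if tilde_a != tilde_b:
                return -1 if tilde_a else 1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        numeric = a[i].isdigit()
        pattern = r"[0-9]+" if numeric else r"[A-Za-z]+"
        seg_a, match_b = re.match(pattern, a[i:]).group(0), re.match(pattern, b[j:])
        if match_b is None:                         # numeric vs alphabetic segment
            return 1 if numeric else -1
        seg_b = match_b.group(0)
        i, j = i + len(seg_a), j + len(seg_b)
        if numeric:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):            # more digits means larger
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1                # leftover characters win

def evrcmp(x, y):
    """Compare (epoch, version, release) tuples: epoch first, then version, then release."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])

_ARCH = re.compile(r"^(.*)\.(noarch|src|i[3-6]86|x86_64|ppc64le|ppc64|ppc|s390x|ia64)$")

def parse_nevra(s):
    """Split 'name-[epoch:]version-release[.arch][.rpm]' into (name, epoch, version, release, arch)."""
    name, version, release = (s[:-4] if s.endswith(".rpm") else s).rsplit("-", 2)
    epoch, version = version.split(":", 1) if ":" in version else ("0", version)
    m = _ARCH.match(release)
    release, arch = (m.group(1), m.group(2)) if m else (release, None)
    return name, int(epoch), version, release, arch

def _dist(release):
    m = re.search(r"\.(el\d+)", release)            # "431.75.1.el6" -> "el6"
    return m.group(1) if m else None

# (advisory, package, fixed version-release, frozen stream prefix or None)
FIXED = [
    ("RHSA-2016:2120", "kernel", "2.6.32-431.75.1.el6", "431"),   # RHEL 6.5 AUS/TUS
    ("RHSA-2016:2124", "kernel", "2.6.18-416.el5", None),         # RHEL 5
    ("RHSA-2016:2126", "kernel", "2.6.18-348.32.1.el5", "348"),   # RHEL 5.9 Long Life
    ("RHSA-2016:2127", "kernel", "2.6.18-238.57.1.el5", "238"),   # RHEL 5.6 Long Life
    ("RHSA-2016:2128", "kernel", "2.6.32-504.54.1.el6", "504"),   # RHEL 6.6 EUS
    ("RHSA-2016:2101", "nodejs", "0.10.47-2.el7", None),          # OpenShift 3.1-3.3
    ("RHSA-2016:2101", "nodejs-tough-cookie", "2.3.1-1.el7", None),
]

def patch_status(installed):
    """(advisory, fixed build, is_fixed) for an installed NEVRA, or None when
    nothing in FIXED covers that package, dist tag and stream."""
    name, epoch, version, release, _ = parse_nevra(installed)
    dist, prefix = _dist(release), release.split(".", 1)[0]
    same = [f for f in FIXED if f[1] == name and _dist(f[2]) == dist]
    frozen = [f for f in same if f[3] == prefix]      # a frozen-stream match wins ...
    rolling = [f for f in same if f[3] is None]       # ... over the rolling stream
    chosen = (frozen or rolling or [None])[0]
    if chosen is None:
        return None
    fixed_version, fixed_release = chosen[2].rsplit("-", 1)
    is_fixed = evrcmp((epoch, version, release), (0, fixed_version, fixed_release)) >= 0
    return chosen[0], chosen[2], is_fixed

if __name__ == "__main__":
    # Constructed sample inputs. On a host, feed it `rpm -q kernel nodejs` and,
    # for the kernel, the *running* build: "kernel-" + `uname -r`.
    for nevra in ("kernel-2.6.32-431.29.2.el6.x86_64",
                  "kernel-2.6.32-504.30.3.el6.x86_64",   # sorts above 431.75.1, still not fixed
                  "kernel-2.6.32-642.6.1.el6.x86_64",    # mainline RHEL 6: not in this digest
                  "nodejs-0.10.40-3.el7.x86_64"):
        print(nevra, "->", patch_status(nevra))
```

For the kernel, `rpm -q kernel` lists every installed build and the newest may not be the one booted; the advisory's "must be rebooted" line is why the running build from `uname -r` is the one to check. On a RHEL host itself, rpmdev-vercmp (from rpmdevtools) applies the same ordering; the pure-Python version is for comparing inventories collected from many hosts offline.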
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYEjZhXlSAg2UNWIIRAvpBAKDEWC6ztC/S4dgLmh/ODSF864GxvACfYW9c
lWMlqAZ1pvo+ZnOKWYemVfA=
=tgnX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Oct 28 10:17:57 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 28 Oct 2016 10:17:57 +0000
Subject: [RHSA-2016:2124-01] Important: kernel security and bug fix update
Message-ID: <201610281017.u9SAHwad012158@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2016:2124-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2124.html
Issue date: 2016-10-28
CVE Names: CVE-2016-1583 CVE-2016-5195
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

* It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system. (CVE-2016-1583, Important)

Red Hat would like to thank Phil Oester for reporting CVE-2016-5195.

Bug Fix(es):

* In some cases, a kernel crash or file system corruption occurred when running journal mode 'ordered'. The kernel crash was caused by a null pointer dereference due to a race condition between two journal functions. The file system corruption occurred due to a race condition between the do_get_write_access() function and buffer writeout. This update fixes both race conditions. As a result, neither the kernel crash nor the file system corruption now occurs. (BZ#1067708)

* Prior to this update, some Global File System 2 (GFS2) files had incorrect time stamp values due to two problems with handling time stamps of such files. The first problem concerned the atime time stamp, which ended up with an arbitrary value ahead of the actual value when a GFS2 file was accessed. The second problem was related to the mtime and ctime time stamp updates, which got lost when a GFS2 file was written to from one node and read from or written to from another node. With this update, a set of patches has been applied that fix these problems. As a result, the time stamps of GFS2 files are now handled correctly. (BZ#1374861)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5.
Bugs fixed (https://bugzilla.redhat.com/):

1344721 - CVE-2016-1583 kernel: Stack overflow via ecryptfs and /proc/$pid/environ
1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
kernel-2.6.18-416.el5.src.rpm

i386:
kernel-2.6.18-416.el5.i686.rpm
kernel-PAE-2.6.18-416.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-416.el5.i686.rpm
kernel-PAE-devel-2.6.18-416.el5.i686.rpm
kernel-debug-2.6.18-416.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-416.el5.i686.rpm
kernel-debug-devel-2.6.18-416.el5.i686.rpm
kernel-debuginfo-2.6.18-416.el5.i686.rpm
kernel-debuginfo-common-2.6.18-416.el5.i686.rpm
kernel-devel-2.6.18-416.el5.i686.rpm
kernel-headers-2.6.18-416.el5.i386.rpm
kernel-xen-2.6.18-416.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-416.el5.i686.rpm
kernel-xen-devel-2.6.18-416.el5.i686.rpm

noarch:
kernel-doc-2.6.18-416.el5.noarch.rpm

x86_64:
kernel-2.6.18-416.el5.x86_64.rpm
kernel-debug-2.6.18-416.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-416.el5.x86_64.rpm
kernel-debug-devel-2.6.18-416.el5.x86_64.rpm
kernel-debuginfo-2.6.18-416.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-416.el5.x86_64.rpm
kernel-devel-2.6.18-416.el5.x86_64.rpm
kernel-headers-2.6.18-416.el5.x86_64.rpm
kernel-xen-2.6.18-416.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-416.el5.x86_64.rpm
kernel-xen-devel-2.6.18-416.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
kernel-2.6.18-416.el5.src.rpm

i386:
kernel-2.6.18-416.el5.i686.rpm
kernel-PAE-2.6.18-416.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-416.el5.i686.rpm
kernel-PAE-devel-2.6.18-416.el5.i686.rpm
kernel-debug-2.6.18-416.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-416.el5.i686.rpm
kernel-debug-devel-2.6.18-416.el5.i686.rpm
kernel-debuginfo-2.6.18-416.el5.i686.rpm
kernel-debuginfo-common-2.6.18-416.el5.i686.rpm
kernel-devel-2.6.18-416.el5.i686.rpm
kernel-headers-2.6.18-416.el5.i386.rpm
kernel-xen-2.6.18-416.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-416.el5.i686.rpm
kernel-xen-devel-2.6.18-416.el5.i686.rpm

ia64:
kernel-2.6.18-416.el5.ia64.rpm
kernel-debug-2.6.18-416.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-416.el5.ia64.rpm
kernel-debug-devel-2.6.18-416.el5.ia64.rpm
kernel-debuginfo-2.6.18-416.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-416.el5.ia64.rpm
kernel-devel-2.6.18-416.el5.ia64.rpm
kernel-headers-2.6.18-416.el5.ia64.rpm
kernel-xen-2.6.18-416.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-416.el5.ia64.rpm
kernel-xen-devel-2.6.18-416.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-416.el5.noarch.rpm

ppc:
kernel-2.6.18-416.el5.ppc64.rpm
kernel-debug-2.6.18-416.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-416.el5.ppc64.rpm
kernel-debug-devel-2.6.18-416.el5.ppc64.rpm
kernel-debuginfo-2.6.18-416.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-416.el5.ppc64.rpm
kernel-devel-2.6.18-416.el5.ppc64.rpm
kernel-headers-2.6.18-416.el5.ppc.rpm
kernel-headers-2.6.18-416.el5.ppc64.rpm
kernel-kdump-2.6.18-416.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-416.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-416.el5.ppc64.rpm

s390x:
kernel-2.6.18-416.el5.s390x.rpm
kernel-debug-2.6.18-416.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-416.el5.s390x.rpm
kernel-debug-devel-2.6.18-416.el5.s390x.rpm
kernel-debuginfo-2.6.18-416.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-416.el5.s390x.rpm
kernel-devel-2.6.18-416.el5.s390x.rpm
kernel-headers-2.6.18-416.el5.s390x.rpm
kernel-kdump-2.6.18-416.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-416.el5.s390x.rpm
kernel-kdump-devel-2.6.18-416.el5.s390x.rpm

x86_64:
kernel-2.6.18-416.el5.x86_64.rpm
kernel-debug-2.6.18-416.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-416.el5.x86_64.rpm
kernel-debug-devel-2.6.18-416.el5.x86_64.rpm
kernel-debuginfo-2.6.18-416.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-416.el5.x86_64.rpm
kernel-devel-2.6.18-416.el5.x86_64.rpm
kernel-headers-2.6.18-416.el5.x86_64.rpm
kernel-xen-2.6.18-416.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-416.el5.x86_64.rpm
kernel-xen-devel-2.6.18-416.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1583
https://access.redhat.com/security/cve/CVE-2016-5195
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYEyW/XlSAg2UNWIIRAu6bAKCAZkga9pOAO12NeSKKcoSyTwWfswCeKQVq
FooeyHBgHP7undDI6+lxBHc=
=cbDn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 31 14:10:28 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 31 Oct 2016 14:10:28 +0000
Subject: [RHSA-2016:2126-01] Important: kernel security update
Message-ID: <201610311410.u9VEATf0006644@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2016:2126-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2126.html
Issue date: 2016-10-31
CVE Names: CVE-2016-5195
=====================================================================

1.
Summary:

An update for kernel is now available for Red Hat Enterprise Linux 5.9 Long Life.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Long Life (v. 5.9 server) - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

Red Hat would like to thank Phil Oester for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

6. Package List:

Red Hat Enterprise Linux Long Life (v. 5.9 server):

Source:
kernel-2.6.18-348.32.1.el5.src.rpm

i386:
kernel-2.6.18-348.32.1.el5.i686.rpm
kernel-PAE-2.6.18-348.32.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.32.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.32.1.el5.i686.rpm
kernel-debug-2.6.18-348.32.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.32.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.32.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.32.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.32.1.el5.i686.rpm
kernel-devel-2.6.18-348.32.1.el5.i686.rpm
kernel-headers-2.6.18-348.32.1.el5.i386.rpm
kernel-xen-2.6.18-348.32.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.32.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.32.1.el5.i686.rpm

ia64:
kernel-2.6.18-348.32.1.el5.ia64.rpm
kernel-debug-2.6.18-348.32.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-348.32.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-348.32.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-348.32.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-348.32.1.el5.ia64.rpm
kernel-devel-2.6.18-348.32.1.el5.ia64.rpm
kernel-headers-2.6.18-348.32.1.el5.ia64.rpm
kernel-xen-2.6.18-348.32.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-348.32.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-348.32.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-348.32.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-348.32.1.el5.x86_64.rpm
kernel-debug-2.6.18-348.32.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-348.32.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-348.32.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-348.32.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-348.32.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.32.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.32.1.el5.x86_64.rpm
kernel-xen-2.6.18-348.32.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-348.32.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-348.32.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-5195
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/2706661

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYF1DNXlSAg2UNWIIRAucgAJ46RRuiVMJ3hr4CikCdMKrJz5DYTwCfWuh4
jLPbqDBoD2NNUBFo4SosV6Y=
=CLuX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 31 14:10:53 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 31 Oct 2016 14:10:53 +0000
Subject: [RHSA-2016:2127-01] Important: kernel security update
Message-ID: <201610311410.u9VEArYT030554@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2016:2127-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2127.html
Issue date: 2016-10-31
CVE Names: CVE-2016-5195
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 5.6 Long Life.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Long Life (v. 5.6 server) - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

Red Hat would like to thank Phil Oester for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

6. Package List:

Red Hat Enterprise Linux Long Life (v. 5.6 server):

Source:
kernel-2.6.18-238.57.1.el5.src.rpm

i386:
kernel-2.6.18-238.57.1.el5.i686.rpm
kernel-PAE-2.6.18-238.57.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.57.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.57.1.el5.i686.rpm
kernel-debug-2.6.18-238.57.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.57.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.57.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.57.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.57.1.el5.i686.rpm
kernel-devel-2.6.18-238.57.1.el5.i686.rpm
kernel-headers-2.6.18-238.57.1.el5.i386.rpm
kernel-xen-2.6.18-238.57.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.57.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.57.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.57.1.el5.ia64.rpm
kernel-debug-2.6.18-238.57.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.57.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.57.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.57.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.57.1.el5.ia64.rpm
kernel-devel-2.6.18-238.57.1.el5.ia64.rpm
kernel-headers-2.6.18-238.57.1.el5.ia64.rpm
kernel-xen-2.6.18-238.57.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.57.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.57.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.57.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-238.57.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.57.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.57.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.57.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.57.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.57.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.57.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.57.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.57.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.57.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.57.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5195
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/2706661

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYF1DnXlSAg2UNWIIRAnhIAKCkSD4V/381pAeg6kJ7dgevMzroVACbBQiW
qEmX7nBvQb+Hu5TQ0355SmM=
=JiOY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 31 16:07:32 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 31 Oct 2016 16:07:32 +0000
Subject: [RHSA-2016:2128-01] Important: kernel security and enhancement update
Message-ID: <201610311607.u9VG7XxO001981@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and enhancement update
Advisory ID: RHSA-2016:2128-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2128.html
Issue date: 2016-10-31
CVE Names: CVE-2016-4470 CVE-2016-5195
=====================================================================

1.
Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation. (CVE-2016-4470, Important)

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

Red Hat would like to thank Phil Oester for reporting CVE-2016-5195. The CVE-2016-4470 issue was discovered by David Howells (Red Hat).

Enhancement(s):

* This update corrects the use of the sas_is_tlr_enabled API in the mpt3sas driver, which fixes a tape write problem. The driver now checks whether Transport Layer Recovery (TLR) is enabled before enabling the MPI2_SCSIIO_CONTROL_TLR_ON flag. (BZ#1372352)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.6):

Source:
kernel-2.6.32-504.54.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.54.1.el6.noarch.rpm
kernel-doc-2.6.32-504.54.1.el6.noarch.rpm
kernel-firmware-2.6.32-504.54.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.54.1.el6.x86_64.rpm
kernel-debug-2.6.32-504.54.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.54.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.54.1.el6.i686.rpm
kernel-debug-devel-2.6.32-504.54.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.54.1.el6.i686.rpm
kernel-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-504.54.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.54.1.el6.x86_64.rpm
kernel-devel-2.6.32-504.54.1.el6.x86_64.rpm
kernel-headers-2.6.32-504.54.1.el6.x86_64.rpm
perf-2.6.32-504.54.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.54.1.el6.i686.rpm
perf-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.54.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.54.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm
python-perf-2.6.32-504.54.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
kernel-2.6.32-504.54.1.el6.src.rpm

i386:
kernel-2.6.32-504.54.1.el6.i686.rpm
kernel-debug-2.6.32-504.54.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.54.1.el6.i686.rpm
kernel-debug-devel-2.6.32-504.54.1.el6.i686.rpm
kernel-debuginfo-2.6.32-504.54.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.54.1.el6.i686.rpm
kernel-devel-2.6.32-504.54.1.el6.i686.rpm
kernel-headers-2.6.32-504.54.1.el6.i686.rpm
perf-2.6.32-504.54.1.el6.i686.rpm
perf-debuginfo-2.6.32-504.54.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.54.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.54.1.el6.noarch.rpm
kernel-doc-2.6.32-504.54.1.el6.noarch.rpm
kernel-firmware-2.6.32-504.54.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-504.54.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-504.54.1.el6.ppc64.rpm
kernel-debug-2.6.32-504.54.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-504.54.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-504.54.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.54.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.54.1.el6.ppc64.rpm
kernel-devel-2.6.32-504.54.1.el6.ppc64.rpm
kernel-headers-2.6.32-504.54.1.el6.ppc64.rpm
perf-2.6.32-504.54.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.54.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.54.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-504.54.1.el6.s390x.rpm
kernel-debug-2.6.32-504.54.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-504.54.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-504.54.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.54.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.54.1.el6.s390x.rpm
kernel-devel-2.6.32-504.54.1.el6.s390x.rpm
kernel-headers-2.6.32-504.54.1.el6.s390x.rpm
kernel-kdump-2.6.32-504.54.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.54.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-504.54.1.el6.s390x.rpm
perf-2.6.32-504.54.1.el6.s390x.rpm
perf-debuginfo-2.6.32-504.54.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.54.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-504.54.1.el6.x86_64.rpm
kernel-debug-2.6.32-504.54.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.54.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.54.1.el6.i686.rpm
kernel-debug-devel-2.6.32-504.54.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.54.1.el6.i686.rpm
kernel-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-504.54.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.54.1.el6.x86_64.rpm
kernel-devel-2.6.32-504.54.1.el6.x86_64.rpm
kernel-headers-2.6.32-504.54.1.el6.x86_64.rpm
perf-2.6.32-504.54.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.54.1.el6.i686.rpm
perf-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.54.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.6):

i386:
kernel-debug-debuginfo-2.6.32-504.54.1.el6.i686.rpm
kernel-debuginfo-2.6.32-504.54.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.54.1.el6.i686.rpm
perf-debuginfo-2.6.32-504.54.1.el6.i686.rpm
python-perf-2.6.32-504.54.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.54.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-504.54.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.54.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.54.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.54.1.el6.ppc64.rpm
python-perf-2.6.32-504.54.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.54.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-504.54.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.54.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.54.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.54.1.el6.s390x.rpm
perf-debuginfo-2.6.32-504.54.1.el6.s390x.rpm
python-perf-2.6.32-504.54.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.54.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.54.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm
python-perf-2.6.32-504.54.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.54.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4470
https://access.redhat.com/security/cve/CVE-2016-5195
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/2706661

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYF2w0XlSAg2UNWIIRAs1OAJ4h8FSGzSaeomKDN+fI/36nv67vrACfUcEU
2ROTnOK9MbVf58A3skQGi2k=
=2ew+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 31 20:29:04 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 31 Oct 2016 20:29:04 +0000
Subject: [RHSA-2016:2130-01] Important: mysql55-mysql security update
Message-ID: <201610312029.u9VKT5Mr009246@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: mysql55-mysql security update
Advisory ID: RHSA-2016:2130-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2130.html
Issue date: 2016-10-31
CVE Names: CVE-2016-3492 CVE-2016-5612 CVE-2016-5616 CVE-2016-5617 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6662 CVE-2016-8283
=====================================================================

1. Summary:

An update for mysql55-mysql is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a newer upstream version:
mysql55-mysql (5.5.52).

Security Fix(es):

* It was discovered that the MySQL logging functionality allowed writing to
MySQL configuration files. An administrative database user, or a database
user with FILE privileges, could possibly use this flaw to run arbitrary
commands with root privileges on the system running the database server.
(CVE-2016-6662)

* This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2016-3492,
CVE-2016-5612, CVE-2016-5616, CVE-2016-5617, CVE-2016-5624, CVE-2016-5626,
CVE-2016-5629, CVE-2016-8283)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation
1386554 - CVE-2016-3492 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU October 2016)
1386561 - CVE-2016-5612 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016)
1386562 - CVE-2016-5616 mysql: unspecified vulnerability in subcomponent: Server: MyISAM (CPU October 2016)
1386564 - CVE-2016-5617 mysql: unspecified vulnerability in subcomponent: Server: Error Handling (CPU October 2016)
1386566 - CVE-2016-5624 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016)
1386568 - CVE-2016-5626 mysql: unspecified vulnerability in subcomponent: Server: GIS (CPU October 2016)
1386572 - CVE-2016-5629 mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU October 2016)
1386585 - CVE-2016-8283 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU October 2016)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
mysql55-mysql-5.5.52-1.el6.src.rpm

x86_64:
mysql55-mysql-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-bench-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-devel-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-libs-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-server-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-test-5.5.52-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
mysql55-mysql-5.5.52-1.el6.src.rpm

x86_64:
mysql55-mysql-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-bench-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-devel-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-libs-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-server-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-test-5.5.52-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
mysql55-mysql-5.5.52-1.el6.src.rpm

x86_64:
mysql55-mysql-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-bench-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-devel-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-libs-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-server-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-test-5.5.52-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
mysql55-mysql-5.5.52-1.el6.src.rpm

x86_64:
mysql55-mysql-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-bench-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-devel-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-libs-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-server-5.5.52-1.el6.x86_64.rpm
mysql55-mysql-test-5.5.52-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
mysql55-mysql-5.5.52-1.el7.src.rpm

x86_64:
mysql55-mysql-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-bench-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-debuginfo-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-devel-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-libs-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-server-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-test-5.5.52-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
mysql55-mysql-5.5.52-1.el7.src.rpm

x86_64:
mysql55-mysql-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-bench-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-debuginfo-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-devel-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-libs-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-server-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-test-5.5.52-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
mysql55-mysql-5.5.52-1.el7.src.rpm

x86_64:
mysql55-mysql-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-bench-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-debuginfo-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-devel-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-libs-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-server-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-test-5.5.52-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
mysql55-mysql-5.5.52-1.el7.src.rpm

x86_64:
mysql55-mysql-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-bench-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-debuginfo-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-devel-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-libs-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-server-5.5.52-1.el7.x86_64.rpm
mysql55-mysql-test-5.5.52-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3492
https://access.redhat.com/security/cve/CVE-2016-5612
https://access.redhat.com/security/cve/CVE-2016-5616
https://access.redhat.com/security/cve/CVE-2016-5617
https://access.redhat.com/security/cve/CVE-2016-5624
https://access.redhat.com/security/cve/CVE-2016-5626
https://access.redhat.com/security/cve/CVE-2016-5629
https://access.redhat.com/security/cve/CVE-2016-6662
https://access.redhat.com/security/cve/CVE-2016-8283
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html

8. Contact:

The Red Hat security contact is . More contact details
at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

From bugzilla at redhat.com Mon Oct 31 22:49:16 2016
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 31 Oct 2016 22:49:16 +0000
Subject: [RHSA-2016:2131-01] Important: mariadb55-mariadb security update
Message-ID: <201610312249.u9VMnGbh015060@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb55-mariadb security update
Advisory ID:       RHSA-2016:2131-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2131.html
Issue date:        2016-10-31
CVE Names:         CVE-2016-3492 CVE-2016-5612 CVE-2016-5616 CVE-2016-5624
                   CVE-2016-5626 CVE-2016-5629 CVE-2016-6662 CVE-2016-6663
                   CVE-2016-8283
=====================================================================

1. Summary:

An update for mariadb55-mariadb is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server. For all
practical purposes, MariaDB is binary-compatible with MySQL.

The following packages have been upgraded to a newer upstream version:
mariadb55-mariadb (5.5.53).

Security Fix(es):

* It was discovered that the MariaDB logging functionality allowed writing
to MariaDB configuration files. An administrative database user, or a
database user with FILE privileges, could possibly use this flaw to run
arbitrary commands with root privileges on the system running the database
server. (CVE-2016-6662)

* A race condition was found in the way MariaDB performed MyISAM engine
table repair. A database user with shell access to the server running mysqld
could use this flaw to change permissions of arbitrary files writable by the
mysql system user. (CVE-2016-6663)

* This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2016-3492,
CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629,
CVE-2016-8283)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation
1378936 - CVE-2016-6663 mysql: race condition while setting stats during MyISAM table repair
1386554 - CVE-2016-3492 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU October 2016)
1386561 - CVE-2016-5612 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016)
1386562 - CVE-2016-5616 mysql: unspecified vulnerability in subcomponent: Server: MyISAM (CPU October 2016)
1386566 - CVE-2016-5624 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016)
1386568 - CVE-2016-5626 mysql: unspecified vulnerability in subcomponent: Server: GIS (CPU October 2016)
1386572 - CVE-2016-5629 mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU October 2016)
1386585 - CVE-2016-8283 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU October 2016)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
mariadb55-mariadb-5.5.53-1.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.53-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
mariadb55-mariadb-5.5.53-1.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.53-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
mariadb55-mariadb-5.5.53-1.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.53-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
mariadb55-mariadb-5.5.53-1.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.53-1.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.53-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb55-mariadb-5.5.53-1.el7.src.rpm

x86_64:
mariadb55-mariadb-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-bench-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-devel-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-libs-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-server-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-test-5.5.53-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
mariadb55-mariadb-5.5.53-1.el7.src.rpm

x86_64:
mariadb55-mariadb-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-bench-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-devel-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-libs-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-server-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-test-5.5.53-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
mariadb55-mariadb-5.5.53-1.el7.src.rpm

x86_64:
mariadb55-mariadb-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-bench-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-devel-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-libs-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-server-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-test-5.5.53-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
mariadb55-mariadb-5.5.53-1.el7.src.rpm

x86_64:
mariadb55-mariadb-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-bench-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-devel-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-libs-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-server-5.5.53-1.el7.x86_64.rpm
mariadb55-mariadb-test-5.5.53-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-3492
https://access.redhat.com/security/cve/CVE-2016-5612
https://access.redhat.com/security/cve/CVE-2016-5616
https://access.redhat.com/security/cve/CVE-2016-5624
https://access.redhat.com/security/cve/CVE-2016-5626
https://access.redhat.com/security/cve/CVE-2016-5629
https://access.redhat.com/security/cve/CVE-2016-6662
https://access.redhat.com/security/cve/CVE-2016-6663
https://access.redhat.com/security/cve/CVE-2016-8283
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL
https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-5553-release-notes/

8. Contact:

The Red Hat security contact is . More contact details
at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
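As an added example (not part of the advisories above nor Red Hat tooling), a defender-side check that a host carries at least the fixed mysql55-mysql-server and mariadb55-mariadb-server releases from RHSA-2016:2130 and RHSA-2016:2131. It re-implements rpm's rpmvercmp ordering in Python so it can run on an audit host over collected `rpm -q --qf` output; the FIXED_EVR table and the sample rpm output are constructed here from the package lists above.

```python
import re

# Fixed EVRs from the package lists of RHSA-2016:2130/2131 above (constructed table, not fetched)
FIXED_EVR = {
    "mysql55-mysql-server":     {"el6": "0:5.5.52-1.el6", "el7": "0:5.5.52-1.el7"},
    "mariadb55-mariadb-server": {"el6": "0:5.5.53-1.el6", "el7": "0:5.5.53-1.el7"},
}

# Constructed sample of: rpm -q --qf '%{NAME}|%{EPOCH}|%{VERSION}|%{RELEASE}\n' <names>
SAMPLE_RPM_OUTPUT = """\
mysql55-mysql-server|(none)|5.5.45|1.el6
mariadb55-mariadb-server|(none)|5.5.53|1.el7
package postgresql92-postgresql-server is not installed
"""

def rpmvercmp(a, b):
    """Order two version/release strings as rpm's rpmvercmp() does (-1, 0 or 1):
    digit runs compare numerically and beat letter runs; '~' sorts before anything."""
    one, two = a, b
    while one or two:
        # anything other than a letter, digit or '~' only separates segments
        one, two = (re.sub(r"^[^0-9A-Za-z~]+", "", s) for s in (one, two))
        if one.startswith("~") or two.startswith("~"):          # 1.0~rc1 < 1.0
            if not (one.startswith("~") and two.startswith("~")):
                return -1 if one.startswith("~") else 1
            one, two = one[1:], two[1:]
            continue
        if not (one and two):
            break
        isnum = one[0].isdigit()
        pattern = r"[0-9]+" if isnum else r"[A-Za-z]+"
        m1, m2 = re.match(pattern, one), re.match(pattern, two)
        if m2 is None:                          # segment types differ: numeric is newer
            return 1 if isnum else -1
        s1, s2 = m1.group(0), m2.group(0)
        one, two = one[len(s1):], two[len(s2):]
        if isnum:                               # strip leading zeros; longer run is larger
            s1, s2 = s1.lstrip("0"), s2.lstrip("0")
            if len(s1) != len(s2):
                return 1 if len(s1) > len(s2) else -1
        if s1 != s2:
            return 1 if s1 > s2 else -1
    return (one != "") - (two != "")            # whichever still has segments is newer

def evr_cmp(evr_a, evr_b):
    """Epoch (integer, default 0) first, then version, then release, as rpm orders EVRs."""
    (ea, va, ra), (eb, vb, rb) = (re.fullmatch(r"(?:(\d+):)?([^-]*)-?(.*)", e).groups()
                                  for e in (evr_a, evr_b))
    if int(ea or 0) != int(eb or 0):
        return 1 if int(ea or 0) > int(eb or 0) else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def parse_rpm_query(output):
    """NAME|EPOCH|VERSION|RELEASE lines -> {name: 'epoch:version-release'}."""
    installed = {}
    for line in output.splitlines():
        if line.count("|") == 3:                # skips "package X is not installed"
            name, epoch, version, release = line.strip().split("|")
            installed[name] = f"{'0' if epoch == '(none)' else epoch}:{version}-{release}"
    return installed

def audit(output):
    """{name: (installed_evr, fixed_evr, patched)}; None, None when the .elN tag is not covered."""
    report = {}
    for name, evr in parse_rpm_query(output).items():
        if name in FIXED_EVR:
            tag = re.search(r"\.(el\d+)$", evr)
            fixed = FIXED_EVR[name].get(tag.group(1)) if tag else None
            report[name] = (evr, fixed, None if fixed is None else evr_cmp(evr, fixed) >= 0)
    return report
```

With the sample above, mysql55-mysql-server at 5.5.45-1.el6 is reported as needing the update and mariadb55-mariadb-server at 5.5.53-1.el7 as patched; a package carrying a dist tag the advisories do not list is reported as undetermined rather than as patched.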